Re: DNS over SCTP

2009-05-28 11:50:16
Stephane Bortzmeyer wrote:
On Thu, May 28, 2009 at 04:16:31PM +0200,
Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote a message of 14 lines which said:

The discussion was about how to get rid of the threats illustrated, e.g., in Kaminsky, D.: "It's the end of the cache as we know it."

I know about the Kaminsky bug, the WG "DNS operations" and "DNS
extensions" spent a lot of time on it. Please do not restate the
basics and explain why SCTP (or TCP) can be compared with DNSSEC
since, as I said, DNSSEC provides *object* security and TCP (or SCTP)
can only provide a limited *channel* security.

I don't trust the data because it is signed, I trust it because the signature proves that it originated from the authoritative server. Therefore, if I'm connected with the authoritative server over a trusted channel, I can trust the data even if it isn't signed. By induction, if a resolver only uses either signed data or trusted channels, I can trust it.

After all, cryptography just provides trusted channels of their own kind. The comparison involves the security features of those two kinds of channels.

The limitations in TCP or SCTP security stem from an attacker's ability to compromise one or more routers, so as to either tamper with the packets on the fly, or redirect them to some other host. That's much more difficult than forging the source address of a UDP packet, though.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
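
An added illustration of the UDP point in the message above (not part of the original post, and not any resolver's actual code): the checks a resolver can apply to a UDP reply, all of which compare values that the sender of the datagram writes itself. The names `PendingQuery`, `build_message`, `parse_question` and `accept_udp_response` are hypothetical, and the addresses and sample messages are constructed.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class PendingQuery:
    txid: int         # 16-bit DNS transaction ID
    qname: str        # lower-case, no trailing dot
    qtype: int        # 1 = A
    server: tuple     # (ip, port) the query was sent to
    local_port: int   # UDP source port the query left from

def build_message(txid, qname, qtype, response=True):
    """Constructed sample message: header plus one question, no records."""
    flags = 0x8180 if response else 0x0100
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + name + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def accept_udp_response(q, msg, src, dst_port):
    """Every field compared here is written by whoever sent the datagram."""
    try:
        txid, is_resp, qname, qtype = parse_question(msg)
    except ValueError:
        return False
    return (is_resp and src == q.server and dst_port == q.local_port
            and (txid, qname, qtype) == (q.txid, q.qname, q.qtype))
```

A resolver should drop, not accept, anything that fails one of these comparisons; counting such drops per pending query is a simple signal that someone is guessing at the transaction ID or port.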