Christian Huitema wrote:
That is, security of DNSSEC involves third parties and is not end
to end.
That is indeed correct. An attacker can build a fake hierarchy of
"secure DNS" assertions and try to get it accepted. The attack can
succeed with the complicity of one of the authorities in the
hierarchy. It is a classic "attack by a trusted party".
Yes, the hierarchy has hops.
For my domain: "necom830.hpcl.titech.ac.jp", hierarechy of zones
have hops of ".", "jp", "ac.jp", "titech.ac.jp" and
"hpcl.titech.ac.jp". The authority hops are IANA, JPNIC, my
university, and my lab. Though you may have direct relationship
with IANA, JPNIC is the third party for both you and me.
If an intermediate authority has
been compromised, it can just as well insert a fake NS record --
that's not harder than a fake record signature.
So, with a compromised hop of an intermediate authority, record
signature on the faked next hop key can be generated.
Then, with a private key corresponding to the faked next hop key,
record signature on the faked second next hop key can be generated.
Then, with a private key corresponding to the faked second next
hop key, record signature on the faked third next hop key can be
generated.
Yes, security of DNSSEC is totally hop by hop.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf