ietf
[Top] [All Lists]

Re: [ietf] DNS spoofing at captive portals

2010-09-24 20:11:47

On 24September2010Friday, at 17:16, John Levine wrote:

Plan A: few consumers will use DNSSEC between their PCs and the ISP's 
resolver, so they won't notice.

Plan B: consumers will observe that malicious impersonation of far away 
DNS servers is rare and exotic, but malware spam arrives hourly, so they 
will make a rational tradeoff, take their ISP's advice, and turn off 
DNSSEC.

Something else occurs to me:

Plan C: Sophisticated ISPs might configure their own DNSSEC key into
customer resolvers, and sign replacement records with that.

The threat model for DNSSEC has always been, approximately, that the
authoritative server at the far end is friendly, and the middleboxes
are hostile.  But we have real situtations where the opposite is true,
quite possibly more often than the other way around.

presuming your statement about an inversion of the stated trust model is 
correct,
can we dereference "friendly" and "hostile" to whom?  Who makes that assessment
and who/what defines the tools to implement a trust policy?


--bill



If we want people deploying DNSSEC widely, we need to make sure it
handles the actual threats they face.

R's,
John

PS: If I plug my random Windows PC or Mac into a cable modem, and I tell
it to use DNSSEC, where does it get the top level validation keys?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf