ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

2013-09-06 16:07:06
from [Måns Nilsson] [Permanent Link] 
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving 
the Internet from the NSA Date: Fri, Sep 06, 2013 at 11:46:17AM -0400 Quoting 
Ted Lemon (ted(_dot_)lemon(_at_)nominum(_dot_)com):

On Sep 6, 2013, at 3:25 AM, Måns Nilsson 
<mansaxel(_at_)besserwisser(_dot_)org> wrote:

I do think that more distributed technoligies like DANE play an important
rôle here.


Right, because there's no way the NSA could ever pwn the DNS root key.


It is probably easier for NSA or similar agencies in other countries
to coerce X.509 root CA providers that operate on a competetive market
than fooling the entire international DNS black helicopter cabal. But
that is -- I admit -- an educated guess, based on personal relations.


What we should probably be thinking about here is:

  - Mitigating single points of failure (IOW, we _cannot_ rely
    on just the root key)


In effect, DANE exchanges one trust model for another. I happen
to believe that the damage risque is lower with DNSSEC + DANE than the
traditional "any CA can issue a certificate for any domain name" setup.


  - Hybrid solutions (more trust sources means more work to
    compromise)
  - Sanity checking (if a key changes unexpectedly, we should
    be able to notice)
  - Multiple trust anchors (for stuff that really matters, we
    can't rely on the root or on a third party CA)
  - Trust anchor establishment for sensitive communications
    (e.g. with banks)


agree on all. 
 

The threat model isn't really the NSA per se—if they really want to bug you, 
they will, and you can't stop them, and that's not a uniformly bad thing.   
The problem is the breathtakingly irresponsible weakening of crypto systems 
that has been alleged here, and what we can do to mitigate that.   Even if we 
aren't sure that it's happened, or precisely what's happened, it's likely 
that it has happened, or will happen in the near future.  We should be 
thinking in those terms, not crossing our fingers and hoping for the best.

 
Audit and open source seem to be good starting points. 

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Yow!  It's some people inside the wall!  This is better than mopping!

Attachment: signature.asc
Description: Digital signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, George, Wes
Next by Date:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, SM
Previous by Thread:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, Keith Moore
Next by Thread:  Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA, David Conrad
Indexes:  [Date] [Thread] [Top] [All Lists]