On Sep 12, 2013, at 7:24 AM, Theodore Ts'o <tytso(_at_)mit(_dot_)edu> wrote:
> It is still a hierarchical model of trust. So at the top, if you
> don't trust Verisign for the .COM domain and PIR for the .ORG domain
> (and for people who are worried about the NSA, both of these are US
> corporations), the whole system falls apart.

This isn't _quite_ true. DNSSEC supports trust anchors at any point in the
hierarchy, and indeed I think the right model for DNSSEC is that you would
install trust anchors for things you really care about, and manage them in the
same way that you manage your root trust anchor. E.g., you'd install a trust
anchor for your employer, and your bank, and maybe your local town government.
This is all future UI work, of course.

Furthermore, if the root key is compromised and that is then used to substitute
a bogus key, it isn't that hard to notice that this has happened, and indeed we
ought to be systematically noticing these things. So hacking the root key is
certainly a valid threat, but there is a great deal more transparency in the
DNSSEC system than in the TLS PKI, and that should mean that the system is more
robust in the face of this kind of attack.

That said, multiple independent systems used together, managed separately, will
likely also add value, so TLS PKI + DNSSEC is probably better than TLS PKI or
DNSSEC separately, modulo DoS attacks, which in this case would be easily
detected and fixed.
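The two claims in the reply above (a trust anchor below the root limits what a misused root key can do, and a substituted key is noticeable if someone is watching for it) can be shown with a small model of DNSSEC delegation. The following is an added example, not code from the thread or from any DNSSEC implementation: it represents a zone's DNSKEY as opaque bytes, a DS record as the SHA-256 digest of the child's key, and "holding a zone's private key" as the ability to rewrite that zone's DS records; signatures and RRSIG validity windows are not modelled. The zone names, keys and the "root-key-misuse" scenario are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed toy model: DNSKEY = opaque bytes, DS = digest of the child's DNSKEY.
# A validator walks upward from the queried name to the closest configured
# trust anchor, checking each delegation link on the way (closest-encloser rule).

def ds_digest(dnskey: bytes) -> str:
    """DS record content for a DNSKEY: here simply its SHA-256 digest."""
    return hashlib.sha256(dnskey).hexdigest()

@dataclass
class Zone:
    name: str                                         # "." for the root, "example." etc.
    dnskey: bytes
    ds: Dict[str, str] = field(default_factory=dict)  # child name -> DS digest

def parent_of(name: str) -> Optional[str]:
    """Parent zone name, or None for the root."""
    if name == ".":
        return None
    rest = name.split(".", 1)[1]
    return rest or "."

def validate(name: str, zones: Dict[str, Zone], anchors: Dict[str, str]) -> Tuple[str, str]:
    """Validate `name` against the closest enclosing trust anchor.

    Returns ("secure", anchor_zone) if every delegation link matches and the
    anchor matches the served key, ("bogus", zone) naming the zone where the
    chain breaks, or ("insecure", name) if no anchor covers the name.
    """
    current = name
    while True:
        zone = zones[current]
        if current in anchors:
            # Closest enclosing anchor wins: compare the served key to what we trust.
            if ds_digest(zone.dnskey) == anchors[current]:
                return ("secure", current)
            return ("bogus", current)
        parent = parent_of(current)
        if parent is None:
            return ("insecure", name)
        # Delegation link: the parent's DS must match the child's served DNSKEY.
        if zones[parent].ds.get(current) != ds_digest(zone.dnskey):
            return ("bogus", current)
        current = parent

def ds_changes(before: Dict[str, Zone], after: Dict[str, Zone], zone_name: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Diff the DS set published by `zone_name` between two observations.

    This is the "systematically noticing" step: a parent that suddenly
    delegates to a different key shows up here as (old_ds, new_ds).
    """
    old, new = before[zone_name].ds, after[zone_name].ds
    return {child: (old.get(child), new.get(child))
            for child in set(old) | set(new) if old.get(child) != new.get(child)}

# Constructed keys and zones.
ROOT_KEY, EXAMPLE_KEY, BANK_KEY = b"root-key", b"example-key", b"bank-key"

def honest_tree() -> Dict[str, Zone]:
    return {
        ".": Zone(".", ROOT_KEY, {"example.": ds_digest(EXAMPLE_KEY)}),
        "example.": Zone("example.", EXAMPLE_KEY, {"bank.example.": ds_digest(BANK_KEY)}),
        "bank.example.": Zone("bank.example.", BANK_KEY),
    }

def tree_after_root_key_misuse() -> Dict[str, Zone]:
    """Constructed scenario: the root's private key is used to publish a DS for
    'example.' pointing at an attacker-controlled key, which then delegates to an
    attacker-controlled 'bank.example.' key. The root DNSKEY itself is unchanged."""
    bad_example, bad_bank = b"attacker-example-key", b"attacker-bank-key"
    return {
        ".": Zone(".", ROOT_KEY, {"example.": ds_digest(bad_example)}),
        "example.": Zone("example.", bad_example, {"bank.example.": ds_digest(bad_bank)}),
        "bank.example.": Zone("bank.example.", bad_bank),
    }

# Two validator configurations: root anchor only, and root plus a local anchor
# for the zone the operator actually cares about.
ROOT_ONLY = {".": ds_digest(ROOT_KEY)}
WITH_LOCAL_ANCHOR = {".": ds_digest(ROOT_KEY), "bank.example.": ds_digest(BANK_KEY)}

if __name__ == "__main__":
    honest, misused = honest_tree(), tree_after_root_key_misuse()
    print("honest, root anchor only:     ", validate("bank.example.", honest, ROOT_ONLY))
    print("misused, root anchor only:    ", validate("bank.example.", misused, ROOT_ONLY))
    print("misused, with local anchor:   ", validate("bank.example.", misused, WITH_LOCAL_ANCHOR))
    print("DS changes seen at the root:  ", ds_changes(honest, misused, "."))
```

With only the root anchor, the forged chain validates as secure, because the root DNSKEY is still the one in the anchor and every DS link below it is internally consistent. With a local anchor for `bank.example.`, the walk stops at that zone and the attacker's key is rejected outright. Independently of which anchors a validator holds, `ds_changes` shows the forged delegation as a changed DS record at the root, which is the kind of publicly observable event the reply argues the TLS PKI does not offer.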