On 9/12/13 7:24 AM, "Theodore Ts'o" <tytso(_at_)mit(_dot_)edu> wrote:

> On Wed, Sep 11, 2013 at 03:38:21PM -0400, Phillip Hallam-Baker wrote:
>> I disagree. DNSSEC is not just DNS: it's the only available, deployed,
>> and (mostly) accessible global PKI currently in existence which also
>> includes a constrained path of trust which follows already established
>> business relationships.
>
> Except that virtually nobody uses DNSSEC and most of the registrars
> don't support it.
>
> More importantly, what problem do people think DNSSEC is going to solve?
>
> It is still a hierarchical model of trust. So at the top, if you
> don't trust Verisign for the .COM domain and PIR for the .ORG domain
> (and for people who are worried about the NSA, both of these are US
> corporations), the whole system falls apart.
>
> And even if you believe Verisign and PIR are paragons of virtue
> which are incorruptible (even when in a dark room when no one can see,
> as the old Chinese saying goes), what about all of the registrars?
There are vastly different aspects to trust in PKI vs DNSSEC, specifically
about trust vs validation.

In this context, "validation" means having the domain owner verify that
the DNSSEC and DNS records for their domain reflect reality.

In order to subvert or redirect a delegation, the TLD operator (or
registrar) would need to change the DNS server name/IP, and replace the DS
record(s). This would be immediately evident to the domain owner, when they
query the TLD authority (delegation) servers.

In other words, "trust but verify" is an intrinsic part of DNSSEC,
regardless of where in the (trusted) hierarchy delegation occurs, or which
parties are involved in updating the delegation components. DNS can't
scale without delegation and caching. With DNSSEC, all of these elements
support scalable, secure verification and validation.

The ability to monitor this in real time, at centralized locations (TLD
authority servers) scales very well and comes as close to a guarantee of
verifiable security as is practical.

On the other hand, a domain owner currently has no feasible way to
determine that a PKI certificate has been issued for its domain (or any
host in its domain) by any CA other than the CA that issued the "real"
certificate. PKI certificates are tied to names, not IP addresses, and are
not published anywhere. Thus, there is no method, short of querying every
web server, BY NAME, via HTTPS, on the planet, to actively detect "forged"
certificates. If DNSSEC is not used to protect the domain, having a forged
certificate and poisoning DNS caches is all an attacker needs to do - or
being a MitM, which removes the need to poison the cache.
Brian
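The delegation check Brian describes, namely a zone owner comparing the NS and DS records the parent (TLD) servers actually serve against what the owner published, as an added worked example that is not code from any poster in this thread. The zone name `example.com.`, the DNSKEY material and the "observed" parent answer are constructed sample data; fetching the live observed sets from the parent's authoritative servers (a non-recursive query against the TLD servers) is the operational step this example assumes and does not perform.

```python
"""Monitor a DNSSEC delegation at the parent: compare the NS and DS records
the parent publishes for a zone against what the zone owner expects.

Added example for this thread, not code from any poster.  The DNSKEY,
NS names and DS records below are constructed sample data; obtaining the
live "observed" sets from the parent's authoritative servers is left to
the operator.
"""
import base64
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a domain name (RFC 4034 section 6.2):
    lowercase, length-prefixed labels, terminated by the root label."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, raw key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte << 8 if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_from_dnskey(owner: str, flags: int, protocol: int, algorithm: int,
                   pubkey_b64: str) -> str:
    """DS record (presentation format, digest type 2 = SHA-256) that the
    parent should publish for this DNSKEY: digest over owner || RDATA."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {algorithm} 2 {digest}"


def normalize_ds(record: str) -> tuple:
    """Parse 'tag alg digest_type digest...' into a comparable tuple; the
    digest may be split across whitespace in zone-file style output."""
    tag, alg, dtype, *digest = record.split()
    return (int(tag), int(alg), int(dtype), "".join(digest).upper())


def normalize_ns(name: str) -> str:
    return name.lower().rstrip(".") + "."


def check_delegation(expected_ns, expected_ds, observed_ns, observed_ds) -> dict:
    """Diff the delegation the parent serves against the owner's baseline.
    Any entry in the four lists is a change the zone owner did not make."""
    exp_ns = {normalize_ns(n) for n in expected_ns}
    obs_ns = {normalize_ns(n) for n in observed_ns}
    exp_ds = {normalize_ds(r) for r in expected_ds}
    obs_ds = {normalize_ds(r) for r in observed_ds}
    findings = {
        "ns_missing": sorted(exp_ns - obs_ns),
        "ns_unexpected": sorted(obs_ns - exp_ns),
        "ds_missing": sorted(exp_ds - obs_ds),
        "ds_unexpected": sorted(obs_ds - exp_ds),
    }
    findings["ok"] = not any(findings[k] for k in
                             ("ns_missing", "ns_unexpected", "ds_missing", "ds_unexpected"))
    return findings


# Constructed sample: a zone's KSK (flags 257, algorithm 13) with a placeholder
# key, and the delegation its owner expects the parent to serve.
ZONE = "example.com."
SAMPLE_KSK = dict(flags=257, protocol=3, algorithm=13,
                  pubkey_b64=base64.b64encode(b"\x01\x02\x03\x04").decode())
EXPECTED_NS = ["ns1.example.com.", "ns2.example.com."]
EXPECTED_DS = [ds_from_dnskey(ZONE, **SAMPLE_KSK)]


def run_sample() -> dict:
    # Constructed "observed" answer from the parent: one NS swapped out and a
    # second DS added, which is what an altered delegation looks like from
    # the owner's side.
    observed_ns = ["ns1.example.com.", "ns9.example.net."]
    observed_ds = EXPECTED_DS + ["12345 13 2 " + "AB" * 32]
    return check_delegation(EXPECTED_NS, EXPECTED_DS, observed_ns, observed_ds)


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

Run periodically against each parent authoritative server (rather than through a recursive resolver, whose cache is exactly what the owner cannot trust here), any non-empty `*_missing` or `*_unexpected` list is a change to the delegation that the owner did not authorize and should investigate with the registrar.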