On Nov 25, 2013, at 12:33 PM, David Conrad <drc(_at_)virtualized(_dot_)org>
wrote:
Ignoring the fact that the private key is stored in an HSM with multiple
layers of protection that requires a number of people to even get into the
room in which the cage that holds the safe which contains the HSMs are
stored, what _exactly_ would the FBI _do_ with the private root key?
The root key (or a TLD key) can be used to create a fake hierarchy, nearly
identical to the real hierarchy, but with a few changes. Install this on a
few targeted name servers and you can install fake DANE certs that validate.
If you did this in a pervasive manner, it would be easy to detect, but only if
we are checking. For targeted attacks, it's still probably possible to defend
against it, but a DNSSEC validator that could detect that it might be under
such an attack would be a fun challenge and would require some careful thinking.
Actually, getting a TLD key like the .COM key would make for a more effective
attack, since it's fairly easy to cache all the TLD keys and notice weird
changes to them, but it's a lot harder to cache keys for all the registered
domains you might ever visit.
My point is simply that we can't just wave our hands and say "DANE" and be
satisfied. If we put all our eggs in the DNSSEC basket, we need to think
about what threats that exposes us to, and address those threats. Simply
checking the signatures proves nothing if the trust anchor(s) we use to check
have been compromised.