
Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-06 17:40:18


--On Wednesday, August 06, 2014 07:15 +0200 Patrik Fältström
<paf(_at_)frobbit(_dot_)se> wrote:


> On 6 aug 2014, at 04:26, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
>
>> Use DANE without DNSSEC, and calling it opportunistic
>> probably makes sense.  Use it with DNSSEC and it doesn't.
>
> The devil is in the details. I think we disagree on the
> meaning of the word "opportunistic", and on the evaluation of
> whether you are lucky enough.
>
> Personally, as fragile as the current CA system is, I think
> DANE without DNSSEC is more stable and better than the current
> CA system. And better than self-signed certs that one "just
> accepts" (which happens quite a lot).

Conversely (and without agreeing or disagreeing with either of
you), the discussion suggests noting, again, the very limited
nature of what DNSSEC actually protects.  It is ultimately an
integrity test within the DNS hierarchy.  If the resolver
associated with the user's application is not DNSSEC-validating
and within that user's trust boundary, then relying on DNSSEC
for protection is only as good as the intermediate trust
situation, e.g., whether the client user trusts the testing and
validity assertions of her ISP's forwarding DNS system.   There
is reason to not do that.  First, it may have changed, but at
least up to some years ago, those ISP "DNS servers" were much
more often compromised than, e.g., authoritative servers for
root or TLD domains.  Second, some ISPs have discovered that
they have economic or political incentives to alter DNS
queries or responses.  Enough have done so under various
circumstances to discourage uncritical trust.

The other end is equally bad.  DNSSEC protects the integrity of
data already stored in the DNS.  But, if the proverbial Bad Guy
can compromise a domain name registrar and register a name that
is misleading or otherwise problematic, certificates tied to
that name may not be very useful, especially as assertions of
good and upright behavior associated with, e.g., mail traffic.
Whether DANE-type certificates that depend on DNSSEC and
registrar integrity are more or less trustworthy than PKI-type
certificates that depend on certificate chains,
low-assertion-quality certificates, and CA integrity is an
interesting question... but one that might easily be resolved by
a race to the bottom.

   john

