
Re: [saag] : DNSSEC PKI semantics and risks (was tangentially: Last Call: <draft-dukhovni-opportunistic-security-01.txt>)

2014-08-07 05:56:56
Nico Williams <nico(_at_)cryptonector(_dot_)com> wrote:

Mitigations for PKI's compromised-issuer MITM vulnerability:

 - Strong naming constraints

   Check!  The most important mitigation is already there.  DNSSEC has
   and necessarily had to have strong naming constraints from the
   get-go.

Sort-of related to this is the concept of delegation-only zones. If you
get a signature for www.example.dodgy from the .dodgy keys rather than the
example.dodgy keys, you know something is not right. DNSSEC can sometimes
spot this if the validator has previously cached the zone cut. The idea of
enforcing delegation-only zones is somewhat contentious and it causes
interoperability problems in practice - and AFAIK the existing
delegation-only code only constrains resolution, not validation.

(Historical note: I believe early versions of DNSSEC did not have such
strong coupling between the naming hierarchy and the signing hierarchy.
See RFC 3008.)

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
Thames: Variable 3, becoming east 4 or 5. Slight, occasionally moderate later.
Rain later. Good, occasionally poor later.
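The delegation-only check Tony describes, as an added toy model that is not code from this thread or from any real validator. Names are plain strings and no cryptography is performed; `known_cuts` stands in for the validator's cache of zone cuts and `delegation_only` for a locally configured list of delegation-only zones (both are assumptions of this example).

```python
from __future__ import annotations

def labels(name: str) -> list[str]:
    """Labels of a DNS name, leftmost first; the root '.' has none."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def norm(name: str) -> str:
    """Canonical spelling: lowercase, no trailing dot, root spelled '.'."""
    return ".".join(labels(name)) or "."

def is_ancestor(zone: str, name: str) -> bool:
    """True if zone equals name or is a suffix of it (root encloses everything)."""
    z, n = labels(zone), labels(name)
    return len(z) <= len(n) and n[len(n) - len(z):] == z

def parent(name: str) -> str:
    """Name with its leftmost label removed; the parent of a TLD is the root."""
    return norm(".".join(labels(name)[1:]))

def closest_cut(name: str, known_cuts: set[str]) -> str | None:
    """Deepest cached zone apex enclosing name, or None if none is cached."""
    cuts = [norm(c) for c in known_cuts if is_ancestor(c, name)]
    return max(cuts, key=lambda c: len(labels(c))) if cuts else None

def check_signer(owner: str, rrtype: str, signer: str, known_cuts: set[str],
                 delegation_only: frozenset[str] = frozenset()) -> str:
    """Classify the signer name of an RRSIG covering an RRset at owner.

    'bogus'      signer is not in owner's ancestry at all
    'suspicious' signer is a zone above the one that should hold the data
    'ok'         consistent with what this validator currently knows
    """
    signer = norm(signer)
    if not is_ancestor(signer, owner):
        return "bogus"
    # DS records live on the parent side of a zone cut, so the parent signs them.
    zone_name = parent(owner) if rrtype.upper() == "DS" else norm(owner)
    cut = closest_cut(zone_name, known_cuts)
    if cut is not None and signer != cut and is_ancestor(signer, cut):
        return "suspicious"  # e.g. the .dodgy keys covering www.example.dodgy
    # A zone configured as delegation-only signs only its own apex data and
    # its children's DS records, so anything deeper is flagged even when the
    # relevant zone cut has never been cached.
    if signer in {norm(z) for z in delegation_only} and signer != zone_name:
        return "suspicious"
    return "ok"  # possibly only because the zone cut was never cached
```

With `example.dodgy` absent from `known_cuts` and no delegation-only configuration, a `.dodgy`-signed answer for `www.example.dodgy` passes, which is the "sometimes" in the message above.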