On Wed, Aug 06, 2014 at 10:54:36PM +0000, Viktor Dukhovni wrote:
> On Wed, Aug 06, 2014 at 06:39:37PM -0400, John C Klensin wrote:
>
> [MITM attack by compromised DNS registrar text elided.]
>
> If folks want to continue this nuanced tangential discussion,
> perhaps a separate thread on saag, or on Perry's cryptography list
> would be more appropriate. I'm having a hard enough time keeping
> track of all the on-topic LC mail.

DNSSEC is a PKI, with all that that implies, yes.

Mitigations for PKI's compromised-issuer MITM vulnerability:

 - Strong naming constraints

   Check! The most important mitigation is already there. DNSSEC has
   and necessarily had to have strong naming constraints from the get
   go.

 - CT

   CT for DNSSEC should fall squarely into trans WG's remit (if not now,
   then after a charter update to make it so).

   Trans WG already has been discussing CT for DNSSEC!

 - Pinning

   Pinning of services' public keys/intermediate issuer at the
   application layer is completely orthogonal to DNSSEC. If you're
   already pinning, then you are already mitigating this problem.

 - Things like Perspectives (which IIUC is not being pursued any longer).

Nico
--