
Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)

2014-08-11 01:16:58
On Sun, Aug 10, 2014 at 10:36:29AM -0400, John C Klensin wrote:
[...]

DNSSEC is most decidedly a PKI, with roughly the same security and
naming semantics as PKIX, differing only in the details.

DNSSEC is also decidedly superior to the Web PKI, mainly because DNSSEC
has strong naming constraints, while the Web PKI has none to speak of,
and because DNSSEC truly has a single root (for now) and is truly
hierarchical, while neither is true of the Web PKI.

As far as naming goes, both PKIX and DNSSEC have equivalent semantics for
what PKIX calls dNSName.  There are names that PKIX supports or could
that DNSSEC can't easily, but that's of little interest here.

DNSSEC has nothing like CPS, but CPS is a fiction, and if it weren't it
could easily be added to DNSSEC anyway.

DNSSEC does have problems:

 - The same "CAs can MITM" problem as PKIX.  DNSSEC is much better than
   the Web PKI for this because there are many fewer CAs (registrars) that
   can MITM any given domain in DNSSEC than in the Web PKI.

 - DNSSEC does not provide confidentiality protection for lookups and
   answers (while PKIX has no real directory service to speak of).

 - DNSSEC currently uses relatively small RSA keys, and large keys make
   for amplification attack problems.  This can be fixed by sprinkling
   some DJB crypto technology, namely EdDSA.

By all means talk about the above problems if you like, but don't spread
FUD about DNSSEC.  DNSSEC is absolutely not worse than the Web PKI
(unless you think the small RSA keys are a bigger problem than all the
problems the Web PKI has, and if you do, I've a bridge to sell you).

Nico
-- 
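
The response-size point in the third bullet above (large RSA keys make
DNSSEC answers better amplifiers), as an added example that is not part of
the original message or of any DNSSEC implementation. It builds a simplified
DNSKEY answer in DNS wire format for a constructed zone (example.com., a KSK
and a ZSK, one RRSIG over the DNSKEY RRset, no authority or additional
records beyond OPT), once with RSA-2048 (algorithm 8, RSASHA256) and once with
Ed25519 (algorithm 15, the number later assigned by RFC 8080), and compares
each answer with the query that provokes it. Key and signature bytes are
placeholders of the right length, not real cryptographic material; the
timestamps and message ID are made up.

```python
"""
Constructed example: DNSSEC answer size versus query size for RSA-2048 and
Ed25519 DNSKEY RRsets. Wire formats follow RFC 1035/4034/6891; key and
signature bytes are random placeholders of the correct length.
"""
import os
import struct

ZONE = "example.com."                     # constructed zone name
TYPE_OPT, TYPE_RRSIG, TYPE_DNSKEY = 41, 46, 48
ALG_RSASHA256, ALG_ED25519 = 8, 15
CLASS_IN = 1
TTL = 3600


def wire_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def key_tag(dnskey_rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (algorithms other than RSA/MD5)."""
    ac = 0
    for i, b in enumerate(dnskey_rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def dnskey_rdata(flags: int, alg: int, pubkey: bytes) -> bytes:
    # flags(2) protocol(1, always 3) algorithm(1) public key
    return struct.pack("!HBB", flags, 3, alg) + pubkey


def rrsig_rdata(covered: int, alg: int, signer: str, tag: int, sig: bytes) -> bytes:
    labels = len([lab for lab in signer.rstrip(".").split(".") if lab])
    expiration, inception = 0x5F000000, 0x5E000000      # constructed timestamps
    fixed = struct.pack("!HBBIIIH", covered, alg, labels, TTL, expiration, inception, tag)
    return fixed + wire_name(signer) + sig


def rr(rtype: int, rdata: bytes) -> bytes:
    """Answer RR whose owner name is a compression pointer to the question name."""
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, CLASS_IN, TTL, len(rdata)) + rdata


def placeholder_key(alg: int, rsa_bits: int) -> bytes:
    """Public-key field of the right length: raw Ed25519 key or RFC 3110 RSA."""
    if alg == ALG_ED25519:
        return os.urandom(32)
    # RFC 3110: exponent length, exponent (65537), modulus. Random stand-in, not a key.
    return b"\x03" + b"\x01\x00\x01" + os.urandom(rsa_bits // 8)


def signature_len(alg: int, rsa_bits: int) -> int:
    return 64 if alg == ALG_ED25519 else rsa_bits // 8


def opt_rr(udp_size: int = 4096) -> bytes:
    # Root owner name, type OPT, "class" carries the UDP size, TTL carries the DO bit.
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0x00008000, 0)


def dnskey_query() -> bytes:
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 OPT
    return header + wire_name(ZONE) + struct.pack("!HH", TYPE_DNSKEY, CLASS_IN) + opt_rr()


def dnskey_answer(alg: int, rsa_bits: int = 2048) -> bytes:
    ksk = dnskey_rdata(257, alg, placeholder_key(alg, rsa_bits))   # SEP flag set
    zsk = dnskey_rdata(256, alg, placeholder_key(alg, rsa_bits))
    sig = rrsig_rdata(TYPE_DNSKEY, alg, ZONE, key_tag(ksk),
                      os.urandom(signature_len(alg, rsa_bits)))
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 3, 0, 1)   # QR AA RD RA; 3 answers
    question = wire_name(ZONE) + struct.pack("!HH", TYPE_DNSKEY, CLASS_IN)
    return (header + question + rr(TYPE_DNSKEY, ksk) + rr(TYPE_DNSKEY, zsk)
            + rr(TYPE_RRSIG, sig) + opt_rr())


def amplification(alg: int, rsa_bits: int = 2048) -> tuple:
    """Return (query bytes, answer bytes, answer/query ratio) for the algorithm."""
    q, a = len(dnskey_query()), len(dnskey_answer(alg, rsa_bits))
    return q, a, a / q


if __name__ == "__main__":
    for name, alg in (("RSA-2048", ALG_RSASHA256), ("Ed25519", ALG_ED25519)):
        q, a, x = amplification(alg)
        print(f"{name:9s} query {q:3d} B  answer {a:4d} B  amplification {x:.1f}x")
```

Real DNSKEY answers are usually larger than this (the RRset is often signed by both keys, and a rollover adds a key), which only widens the gap; the fixed cost of a query is the same in both cases, so the ratio is driven almost entirely by key and signature length.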
