Bill Stewart
Sun, 25 Oct 2009 10:16:59 -0700
At 12:14 PM 10/22/2009, David Wagner wrote:
Back to DNSSEC: The original criticism was that "DNSSEC has covert channels". So what? If you're connected to the Internet, covert channels are a fact of life, DNSSEC or no. The added risk due to any covert channels that DNSSEC may enable is somewhere between negligible and none, as far as I can tell. So I don't understand that criticism.
I thought it was also that DSA had covert channels, but I also don't see why that's as relevant here, and I share Dave's skepticism about threat models. It's unlikely that DNSSEC will let you do anything any more heinous than Dan Kaminsky's streaming-video-over-DNS hacks have already done. There are two obvious places that data can be leaked - the initial key signature process, and the DNS client/server process. If the people who certify the root or TLDs can't be trusted, the number of those people is small enough that they can simply send the secret data to their unindicted co-conspiratorswithout all the trouble of hiding it in a covert channel on a very public DNS server.
And if Bad Guys have compromised the software used in a DNS server, while they could be subtle and hide data in DSA signatures of DNS records, it would be much easier to just send it as data if the query has the evil bit set or asks for covertchannel1.com or whatever. There's plenty of room in the formats even without DSA. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com