Peter Gutmann wrote:
Thierry Moreau <[email protected]> writes:

With the next key generation for DNS root KSK signature key, ICANN may have
an opportunity to improve their procedure.

What they do will really depend on what their threat model is.  I suspect that
in this case their single biggest threat was "lack of display of sufficient
due diligence", thus all the security calisthenics (remember the 1990s Clipper
key escrow procedures, which involved things like having keys generated on a
laptop in a vault with the laptop optionally being destroyed afterwards, just
another type of security theatre to reassure users).  Compare that with the
former mechanism for backing up the Thawte root key, which was to keep it on a
floppy disk in Mark Shuttleworth's sock drawer because no-one would ever look
for it there.  Another example of this is the transport of an 1894-S dime
(worth just under 2 million dollars) across the US, which was achieved by
having someone dress in somewhat grubby clothes and fly across the country in
cattle class with the slabbed coin in his pocket, because no-one would imagine
that some random passenger on a random flight would be carrying a ~$2M coin.
So as this becomes more and more routine I suspect the accompanying
calisthenics will become less impressive.

(What would you do with the DNSSEC root key if you had it? There are many vastly easier attack vectors to exploit than trying to use it, and even if you did go to the effort of employing it, it'd be obvious what was going on as soon as you used it and your fake signed data started appearing, cf. the recent Realtek and JMicron key issues. So the only real threat from its loss seems to be acute embarrassment for the people involved, thus the due-diligence exercise).


I fully agree with the general ideas above with one very tiny exception explained in the next paragraph. The DNSSEC root key ceremonies remain nonetheless an opportunity to review the practical implementation details.

The exception lies in a section of a paranoia scale where few organizations would position themselves. So let me explain it with an enemy of the USG, e.g. the DNS resolver support unit in a *.mil.cc organization. Once their user base relies on DNSSEC for traffic encryption keys, they become vulnerable to spoofed DNS data responses. I leave it as an exercise to write the protocol details of a hypothetical attack given that Captain Pueblo in unito-223.naval.mil.cc routinely relies on a web site secured by DNSSEC to get instructions about where to sail his warship on June 23, 2035 (using the unrealistic assumption that Pueblo's validating resolver uses only the official DNS root trust anchor).

Regards,

Peter.



--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
