Rip Loomis;
> > > Note too that with CRL's, the incident above was easily rectified -
> > > in applications that fully implemented X.509 processing.
> >
> > Unfortunately for you, CRL is another example on why CA-based security
> > is useless.
> >
> > Namely, there is no proper period to check CRL.
> >
> > CAs, the intelligent intermediate systems having no knowledge on the
> > requirement of applications, set the period, which is inappropriate
> > for most applications.
>
> There's nothing preventing an application checking very very often--
> but a CA might not update a CRL in a timely manner. That's one of
> the reasons for OCSP responders. But this is way off topic for this
> mailing list, so let's stick to the non-CA, non-X.509 methods that are
> actually going to be *used* in DNSSEC.
Name servers of secure DNS are CAs.
> > > >What Masataka Ohta IMHO tries to say is that it is at best nice to
> > > >have a signed root zone, but you will not gain /any/
> > > >increase in security.
> > >
> > > The goal of security is to limit the damage of an (unauthorized)
> > > action. (With "damage" being inherently "bad stuff.") Significant
> > > subgoals of security are to lower the chance (probability) that an
> > > unauthorized action will have any impact, limiting the impact to a
> > > small set of assets, and limiting the duration of the impact.
> >
> > That's why shared key cryptography, which limits the impact of
> > compromized security to the small set, members of which are directly
> > involved in the action, is the way to go.
>
> You simply must be missing something in the last several years of
> discussions, and in the history of cryptography. Use of a symmetric/
> shared/secret key algorithm might be appropriate for systems/organizations
> with a pre-existing relationship--and in fact that's why such a scheme
> is being used for TSIG.
The problem is that cryptography is just a technology incapable
of creating credential.
Cryptography offers secure transport of pre-exsiting credential
through the pre-existing relationship.
> But the key management problems of a symmetric
> algorithm increase significantly when more one-to-one "conversation"
> keys are needed,
Shared keys are needed only when there is pre-existing relationship.
If there is pre-existing relationship, keys can be shared through
the relationship.
> Perhaps you live in a world where the only people whom you need to
> communicate with are those with whom you've already established a
> secure/authenticated communications link to support key exchange.
Exactly.
Note that, in general, we communicate over multiple link layers that
end entities do not have to directly communicate/authenticate each other.
> For the problem of "I need to be able to verify, when pulling data
> from a DNS cache at point C, that it was authentic when it left the
> authoritative server at point A and hasn't been changed since",
That is not a problem of practical usefullness.
Or, how much is compasated from compromized root server operators?
In the real world, abstract security of PKI or seucre DNS is
completely useless.
> Anyone who performs any transaction worth "zillions of dollars" based
> only on DNS today is an idiot. Anyone who performs any transaction worth
> "zillions of dollars" based only on (DNS+DNSSEC signed zones) at some
> point in the future is an idiot. What's your point? As one part of
> a set of security features, DNSSEC signed zones have a place--which is
> in no way meant to imply that SSL/TLS, or any other authentication/
> authorization scheme, will suddenly be useless.
The real security is based on the pre-existing relationship.
Anyone who relies on something else is an idiot.
Masataka Ohta
#----------------------------------------------------------------------
# To unsubscripbe, send a message to <[EMAIL PROTECTED]>.
