Nicholas Weaver wrote:

>>That is, DNSSEC is not secure cryptographically, which is another
>>reason why not to deploy DNSSEC.

> I don't see what your argument here is.
> 
> DNSSEC is a "PKI in disguise", and like ANY PKI, you still depend
> on trust up the hierarchy,

Yes, you do understand the problem.

> But DNS has ALWAYS depended on trust-up-the-hierarchy anyway,
> so this aspect of DNSSEC doesn't increase the level of trust
> required in DNS,

The problem is that DNSSEC was wrongly advertised to increase
the level of security.

The reality, however, is that ISPs are as secure/reliable/trustable
as zones, which means DNSSEC does not increase the level of security.

> it IS a PKI

PKI is broken, of course. So?

> Additionally, since it would be end-host application validating
> those signatures, it can enforce that "there must exist a
> signature path from the root" (aka, it is actually a PKI). [1]

The meaningful security for end hosts is that the security is
broken only if one of the end hosts is compromised, which means
fate sharing, whereas, with DNSSEC, end hosts can do nothing if
intermediate zones are compromised.

> [1] Thus, you don't have to worry about also needing the name
> path for the resolvers signed or the DOS attack by a MitM
> stripping signatures as part of their changing DNS results.

MitM of a zone chain can easily change DNS results.

                                                Masataka Ohta

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
