Michael StJohns wrote:
>
> DNSSEC seems to be picking on PKIX and vice versa - maybe the right answer is both?

In theory, PKIX could provide real value. In practice, the PKIX abuse commonly described as "TLS PKI" that performs a non-popup server endpoint identification with the help of target DNS hostnames has infinitesimally close to zero value over DNSSEC.

Conceptually, limiting the certificates that can be used to provide servers on specific DNS hostnames to certificates explicitly listed by the DNS admin would significantly reduce the huge attack surface of the existing "TLS PKI" with >100 independent pre-configured trust anchors in most TLS client software.

> DNSSEC provides a "secure" association FROM the name TO the IP address.
> But the DNS domain owner tends not to be the host owner so this asserted
> association may not reflect the intent of the host owner.
> Also, DNSSEC doesn't protect from IP hijacking (re-routing).

Incorrect characterisation. DNSSEC provides only for secure distribution of DNS records. Whether the distributed DNS records are accurate or trustworthy is a completely distinct issue.

> PKIX provides a "secure" association TO/FROM "a" name to a public key.

This "secure" association is limited to specific "vetted" attributes (which may or may not be described in a legalese Certificate Practice Statement (CPS)), with one notable and serious exception: any occurrence of a DNS hostname in a PKIX cert is based entirely and completely on the DNS delegation records, and all of the popular non-prompting server endpoint identification completely ignores all carefully reviewed cert attributes and relies _completely_ on the DNS hostnames based on the DNS delegation records.

> The host owner holds the private key and can prove "ownership" of the
> related public key. But the host owner tends not to be the domain
> owner so the asserted association may not reflect the intent of the
> DNS domain owner.

While this may be true in practice, the domain owner is a person that is definitely entitled to get certs issued for hostnames in his domain from most (probably all) "TLS PKI CAs", and the domain owner is also the one that can create and is entitled to distribute arbitrary DNS records in his DNS domain through the DNS and DNSSEC protocols.

Authentication that should reliably exclude the DNS admin for a server's DNS hostname from acquiring a "valid" server cert will need to completely ban the DNS hostname from the server endpoint identification. One means to do this would be to securely authenticate the server by his public key, also called "certificate pinning", also mentioned here:

http://www.w3.org/TR/wsc-ui/#selfsignedcerts

Selective trust and trust being affected by repeated encounter is evolutionary heritage and intrinsic to every mammal and most human beings. Unfortunately, some TLS clients make it increasingly difficult to practice such evolutionarily proven approaches to server endpoint identification.

-Martin

_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
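The "certificate pinning" Martin refers to above, shown as an added example that is not part of the original message and not code from the DNSOP list or any TLS client: the client accepts a server only if the SHA-256 of the SubjectPublicKeyInfo in the presented certificate matches a pin it already holds, so the DNS hostname in the certificate and the issuing CA play no part in the decision. The certificates, the key pair and the name www.example.com are constructed in memory as a fixture; `spkiPin`, `selfSignedCert`, `verifyPinned` and `demonstratePinning` are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64-encoded SHA-256 of the certificate's
// SubjectPublicKeyInfo: the value a client records as a "pin" for a server.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// selfSignedCert issues a self-signed certificate for key and dnsName.
// It stands in for whatever certificate the server presents in the TLS
// handshake (hypothetical in-memory fixture; no CA involved).
func selfSignedCert(key *ecdsa.PrivateKey, dnsName string, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyPinned is the pinning check itself: the presented certificate is
// accepted only if the hash of its public key is one the client already
// holds for this server. Neither the issuer chain nor any DNS hostname in
// the certificate takes part in the decision.
func verifyPinned(presented *x509.Certificate, pins map[string]bool) bool {
	return pins[spkiPin(presented)]
}

// demonstratePinning issues three certificates for one DNS name and runs
// the pin check against each:
//   - the certificate whose key was pinned            (accepted)
//   - a re-issued certificate carrying the same key   (accepted: the pin is on the key)
//   - a certificate for the same name with a new key  (rejected, whoever issued it)
func demonstratePinning(dnsName string) (pinnedOK, reissuedOK, otherKeyOK bool, err error) {
	pinnedKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	otherKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	pinnedCert, err := selfSignedCert(pinnedKey, dnsName, 1)
	if err != nil {
		return
	}
	reissuedCert, err := selfSignedCert(pinnedKey, dnsName, 2)
	if err != nil {
		return
	}
	otherCert, err := selfSignedCert(otherKey, dnsName, 3)
	if err != nil {
		return
	}
	// The pin set a client would have recorded on a previous encounter
	// with this server (trust built by repeated encounter).
	pins := map[string]bool{spkiPin(pinnedCert): true}
	return verifyPinned(pinnedCert, pins), verifyPinned(reissuedCert, pins), verifyPinned(otherCert, pins), nil
}

func main() {
	pinned, reissued, other, err := demonstratePinning("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("pinned cert accepted:    %v\n", pinned)
	fmt.Printf("re-issued cert accepted: %v\n", reissued)
	fmt.Printf("new-key cert accepted:   %v\n", other)
}
```

The third case is the one the message is about: a certificate for the same hostname under a different key is rejected even though, in the "TLS PKI" model, any of the pre-configured CAs could have issued it to whoever controls the DNS delegation. The price of this model is key rotation: a server that changes its key must have the new pin delivered to clients out of band, or pin a backup key in advance.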
