On Sat, Oct 26, 2013 at 01:11:26PM +0100, Jim Reid wrote:
> On 26 Oct 2013, at 12:59, Masataka Ohta <[email protected]>
> wrote:
>
> > A serious vulnerability of so-called DNSSEC is lack of secure time.
> > Some security novices innocently believed GPS time was automagically
> > secure.
> > That is, so far, there is no way to have really secure DNSSEC.
>
> Rubbish!
>
> If good timekeeping matters so much to DNSSEC, there are plenty of sources of
> reliable time. For most people, NTP will be good enough. The paranoid might
> choose Secure NTP. The really paranoid will have multiple time sources other
> than GPS: e.g. the radio clocks operated by many national standards institutes
> and/or the EU, Russian and Chinese(?) equivalents of GPS. The really, really
> paranoid will operate their own atomic clocks.
>
In Ohta-san's world, secure hinges on being idempotent from the silicon,
the assembler, compiler, binaries and data. If any of these attributes
is or can be compromised - it's not secure.
DNSSEC depends on time e.g. not idempotent == not secure.
What really is happening is that DNSSEC is a risk management tool.
DNSSEC can measurably reduce the risk of bad data. It does introduce
new risk, in the form of timing attacks, but the tradeoffs generally
are presented as acceptable to most folk.
/bill
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop