Paul Wouters wrote:

First, "CA" is terminology not specific to WebPKI, whatever it
means, but PKI in general including DNS. That is, a DNSSEC TLD is a
CA.

This is incorrect.

First, thank you very much for evidence that the discussion is
still continuing.

Anyway,

        https://en.wikipedia.org/wiki/Public_key_infrastructure
        In cryptography, a PKI is an arrangement that binds public
        keys with respective identities of entities (like people
        and organizations). The binding is established through a
        process of registration and issuance of certificates at
        and by a certificate authority (CA).

Do you still insist that CA is terminology specific to WebPKI
not PKI in general?

In your favourite
terms, DigiNotar as a DNSSEC entity would have only been able to mess
up .nl and not any other TLD,

The fact is that DigiNotar actually supported the government PKI of NL,
which is why the problem is so serious.

As for DNSSEC, we can be sure that national TLDs are not so secure.

You keep conflating operational security with protocol security, and insisting protocol security is not needed because operational
security is always the weaker link.

Your previous statement:

: At the TLD level
: and higher, this involves HSMs and physical access restrictions
: using a "four eyes minimum" approach.

is evidence that operational security is required because
DNSSEC is not secure merely by protocol security.

I don't deny DNSSEC has some protocol security, but the
problem is that it is incomplete and useless without
operational security.

But you are not offering any alternative ("larger plaintext cookies" is not a security protocol)

Cookies and DNSSEC, subject to active MitM attacks, are
equally secure.

So please tell me why you use TLS at all? Why not force your browser into
only using port 80? You can also use extra long HTTP header
cookies.

With compromised intermediate CAs and ISPs, TLS and plain http with
long enough cookies are equally secure against active MitM attacks.

The difference is that, unlike cookies, TLS is safe against passive
MitM attacks of packet snooping.

So?

                                                Masataka Ohta

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop