Mukund Sivaraman wrote:
: Third, all the CAs, including TLDs, pursuing commercial
: success have very good appearance using such words as
: "HSMs" or "four eyes minimum". That is, you can't
: compare actual operational/physical strength from
: their formal documents.
This is an anecdote, that a logical reasoned argument.
That's your anecdote to mention "HSMs" or "four eyes minimum"
proven to be useless by diginotar.
(From your posts in this thread, you appear well convinced that
cryptography is broken due to operational weaknesses in securing access
to signers. So I don't know if this will convince you differently.)
I'm afraid you miss my point that intermediate zones between
the first and the second parties are the third parties having
no knowledge of required security on transactions between the
first and the second parties.
That DNSSEC is not cryptographically or end-to-end secure
means third parties must be absolutely secure, which is,
as was demonstrated by diginoar, impossible.
OTOH, with the end-to-end security where secret information is
shared directly between the first and the second parties, the
parties know the degree of the required security.
HSMs don't have anything to do with DNSSEC's security guarantee.
If so, feel free to put private keys accesible from general public.
An operational decision
leading to weakness doesn't mean that the cryptographic foundation of
DNSSEC is broken or cannot be secured.
Of course. DNSSEC, certainly, has some components which is
cryptographically secure.
But, as you should know, security of a system depends on the
weakest components of the system.
As such, that some secure components are secure do not
mean the system is secure.
On the topic of leak of private key or access to signers by rogue
parties, there have been experiments to use threshold cryptography
with DNSSEC where the actual private key is not present in any > single form, but
distributed as "key shares" among N parties, and
"signature shares" are generated separately by M out of N parties
> and combined to make the final signature.
Relying on two or more third parties is no better than relying on
single third party, when all of them are not cryptographically
but physically secure.
As was demonstrated by diginotar, "four eyes minimum" is not
so secure. So are six or more eyes.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
