RE: WEP cracked even worse
On 04 April 2007 00:44, Perry E. Metzger wrote: > Not that WEP has been considered remotely secure for some time, but > the best crack is now down to 40,000 packets for a 50% chance of > cracking the key. > > http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ Sorry, is that actually better than "The final nail in WEP's coffin", which IIUIC can get the entire keystream (who needs the key?) in log2(nbytes) packet exchanges (to oversimplify a bit, but about right order-of-magnitude)? cheers, DaveK -- Can't think of a witty .sigline today - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
DNSSEC to be strangled at birth.
Afternoon all, This story is a couple of days old now but I haven't seen it mentioned on-list yet. The DHS has "requested the master key for the DNS root zone." http://www.heise.de/english/newsticker/news/87655 http://www.theregister.co.uk/2007/04/03/dns_master_key_controversy/ http://yro.slashdot.org/article.pl?sid=07/03/31/1725221 Can anyone seriously imagine countries like Iran or China signing up to a system that places complete control, surveillance and falsification capabilities in the hands of the US' military intelligence? I could see some (but probably not even all) of the European nations accepting the move at face value and believing whatever assurances of safeguards the DHS might offer, but the rest of the world? No way. Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread non-acceptance. And unless it's used everywhere, there's very little point having it at all. cheers, DaveK -- Can't think of a witty .sigline today - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
On Wed, Apr 04, 2007 at 05:51:27PM +0100, Dave Korn wrote: > Can anyone seriously imagine countries like Iran or China signing up to a > system that places complete control, surveillance and falsification > capabilities in the hands of the US' military intelligence? How is this any different from plain-old-DNS? Except that now the number of attackers is limited to one - instead of worrying about the US or China or UK or India or Russia or whoever falsifying DNS records, you just have to worry about the US. And if/when you catch them at it, you know exactly who did it. -Jack - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
> The DHS has "requested the master key for the DNS root zone." > Can anyone seriously imagine countries like Iran or China signing up > to a system that places complete control, surveillance and > falsification capabilities in the hands of the US' military > intelligence? For anyone who hasn't been paying attention, the root zone is maintained by IANA which since February 2000 has been run by ICANN under a contract with the US Department of Commerce. DOC calls the shots and always has. I don't understand any better than anyone else why DHS sent out a press release that can accomplish nothing but get people upset, but at most this is a turf battle between two cabinet departments. The war was over seven years ago. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "More Wiener schnitzel, please", said Tom, revealingly. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
At 5:51 PM +0100 4/4/07, Dave Korn wrote: Can anyone seriously imagine countries like Iran or China signing up to a system that places complete control, surveillance and falsification capabilities in the hands of the US' military intelligence? No. But how does having the root signing key allow those? Control: The root signing key only controls the contents of the root, not any level below the root. Surveillance: Signing keys don't permit any surveillance. Falsification: This is possible but completely trivially detected (it is obvious if the zone for furble.net is signed by . instead of .net). Doing any falsification will cause the entire net to start ignoring the signature of the root and going to direct trust of the signed TLDs. Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread non-acceptance. More than it is now? And unless it's used everywhere, there's very little point having it at all. Fully disagree. Many ISPs and individuals will be happy to do direct trust of the significant zones (com/net/org plus maybe their local ccTLD) and simply ignore signatures on the rest. This has already been well-discussed in the ISP community even before this event: many are not sure they trust ICANN itself, much less its current "sponsor". Note that I'm not supporting the US signing the root in the least. I'm just saying that predicting doom is grossly premature. --Paul Hoffman, Director --VPN Consortium - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
"Dave Korn" <[EMAIL PROTECTED]> writes: >Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread >non-acceptance. I realise this is a bit of a cheap shot, but: How will this be any different from the current situation? Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: WEP cracked even worse
On Apr 4, 2007, at 03:38 , Dave Korn wrote: On 04 April 2007 00:44, Perry E. Metzger wrote: Not that WEP has been considered remotely secure for some time, but the best crack is now down to 40,000 packets for a 50% chance of cracking the key. http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ Sorry, is that actually better than "The final nail in WEP's coffin", which IIUIC can get the entire keystream (who needs the key?) in log2 (nbytes) packet exchanges (to oversimplify a bit, but about right order-of-magnitude)? Hi Dave, this of course is a question of how you value an attack: a key recovery usually is worth more than a decryption oracle. To send arbitrary packets with the fragmentation attacks described in [1, Section 2.6], you need just a single (suitable) data packet. However, in order to decrypt packets, you need either 2 (connectivity to other networks that you have a host on that you can control, e.g the internet) or approx. 2^7 packets (no access to outside hosts) _per byte_ that you want to decrypt. Our method surely pays of if you want to decrypt more than a handful of packets. Cheers, Ralf [1] Andrea Bittau, Mark Handley, Joshua Lackey The Final Nail in WEP’s Coffin IEEE Symposium on Security and Privacy 2006, http://doi.ieeecomputersociety.org/10.1109/SP.2006.40 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
Dave, For the purposes of discussion, (1) Why should I care whether "Iran or China" sign up? (2) Who should hold the keys instead of the only powerful military under democratic control? (a) The utterly porous United Nations? (b) The members of this mailing list, channeling for the late, lamented Jon Postel? (c) The Identrus bank consortium ("we have your money, why not your keys?") in all its threshhold crypto glory? (d) The International Telecommunication Union? (e) Other: _ Hoping for a risk-analytic model rather than an all-countries-are-created-equal position statement. --dan - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
On Wed, Apr 04, 2007 at 05:51:27PM +0100, Dave Korn wrote: > > Afternoon all, > > This story is a couple of days old now but I haven't seen it mentioned > on-list yet. > > The DHS has "requested the master key for the DNS root zone." > > http://www.heise.de/english/newsticker/news/87655 > http://www.theregister.co.uk/2007/04/03/dns_master_key_controversy/ > http://yro.slashdot.org/article.pl?sid=07/03/31/1725221 The story makes no sense, so I am inclined to discount it. This is a signing key, not an encryption key, there is no reason for the DHS to have it, so I am assuming that they won't have it, and perhaps the story is the result of confusion/incomptence somewhere. -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: DNSSEC to be strangled at birth.
On 05 April 2007 16:48, [EMAIL PROTECTED] wrote: > Dave, > > For the purposes of discussion, > > (1) Why should I care whether "Iran or China" sign up? I think it would be consistent to either a) care that *everybody* signs up, or b) not care about DNSSEC at all, but I think that a fragmentary uptake is next to useless. As indeed the current situation provides evidence may be the case. > (2) Who should hold the keys instead of the only powerful > military under democratic control? > > (a) The utterly porous United Nations? > > (b) The members of this mailing list, channeling > for the late, lamented Jon Postel? > > (c) The Identrus bank consortium ("we have your > money, why not your keys?") in all its threshhold > crypto glory? > > (d) The International Telecommunication Union? > > (e) Other: _ > > Hoping for a risk-analytic model rather than an > all-countries-are-created-equal position statement. Strawman. Not what I said at all. FWIW, however, I would like to see them held by a multinational civilian organisation. That could be a UN or ITU body, or an ICANN or IETF/IANA offshoot, there are many possibilities. The *important* point is that we have strategies and techniques available to us in democracies to prevent corruption or abuse of power: we have separation of powers, and bodies that bring together conflicting interests to share power in the theory that if anyone tries to get up to anything, the others will be watching, and since they have conflicting interests they are unlikely to collude. This seems to me to be a viable principle for management of internet infrastructure. Placing it all in the hands of a single interest group - whether that be the US (or anybody else's) military, the RIAA, or Bun-Bun the mini-lop, is a single point of failure for corruption/abuse resistance. BTW, there are lots of other reasons not to trust a military: lack of accountability and oversight. You were the first to mention democracy: just because the US army is the army of a democracy does not mean that it is in itself democratic. cheers, DaveK -- Can't think of a witty .sigline today - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: DNSSEC to be strangled at birth.
Dave mentioned: # Can anyone seriously imagine countries like Iran or China signing up to a #system that places complete control, surveillance and falsification #capabilities in the hands of the US' military intelligence? I'm not sure having control of the keys for the root zone would give you all that. # Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread #non-acceptance. And unless it's used everywhere, there's very little point #having it at all. This issue came up on Dave Farber's [IP] list; my comments to him (which never appeared, perhaps because Dave was already sick of hearing about it, or simply because my comments were boring :-)) are included below, for what they may be worth: Three points to consider about the current DNSSEC "who should signs the root?" issue... 1) While DNS is a critical core protocol, and one which has garnered substantial miscreant attention, deployment of DNSSEC to fix some of DNS' current weaknesses is still only embryonic. Most sites on the Internet today neither sign their own zones nor have configured their name servers to cryptographically validate others' domains. Numerical estimates for DNSSEC penetration range from just 0.001% to 0.0015% (see slides 74-75 in my "Port 53 Wars" talk, available at http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)), and the domains that *are* getting secured by DNSSEC are generally not the most popular domains, nor the ones which are being used for critical online banking or electronic commerce, nor even those which belong to market-leading (or thought-leading) technology companies. When DNSSEC is more broadly deployed it will be more practically useful; when it is more practically useful, it will be more broadly deployed. I'm sure it is no surprise to anyone that Internet bootstrapping can be tough, whether we're talking about IP multicast, IPv6, jumbo frames, or, in this case, DNSSEC... Until substantial adoption does occur, we're largely arguing about a theoretical issue of limited *practical* import. If you want to help make DNSSEC (and the issue of who signs the root!) one which *is* practically important, then folks need to *use* DNSSEC: -- if you operate name servers, configure the name servers you administer to check the DNSSEC signatures of other zones, -- if you control one or more domains, sign your *own* zones, and -- talk to critical Internet partners you work with about DNSSEC and the status of *their* name servers and *their* zones (can you imagine the impact if even some of the giants such as Google, Yahoo, CNN, the BBC, Amazon, AOL, IBM, Microsoft, Cisco, WalMart, Citibank, etc., began to actually use -- and actively encourage *others* to use -- DNSSEC?) DNS server admins who'd like to try DNSSEC can find pointers to recipes for signing their own zones, and recipes for configuring their name servers to check the signatures of others' zones, in my talk at slide 76. 2) So when *will* the question of *who* signs the root become technically important? Well, at the risk of offering a semi-tautological answer to a semi-rhetorical question, that will probably be when the root actually gets signed. The root zone is NOT signed today, and depending on your perspective, signing of the root is either (a) imminent, or (b) something which may *perpetually* remain at least six months away (see slides 55-58 from my talk). If I were reading the tea leaves which are currently visible, I think the indicator with the highest predictive value is likely Verisign's February 2007 announcement of Project Titan, a three year (and hundred million dollar) DNS upgrade initiative (see http://www.verisign.com/titan/ ). I believe their completion of Project Titan may be a defacto precondition for the potential signing of the root, although signing of the root may still not occur even once Project Titan has been completed (DNSSEC is clearly an after thought when it comes to that expansion effort, not the central operational/business driver). 3) Does this mean the whole matter of who signs the root is a complete non-issue? Most emphatically no. The issue of who signs the root is one which may be trivial as a *practical* *technical* matter *today*, but it is one which is potentially *huge* as a matter of policy and precedent, and as a *longer term* practical technical issue, and as an issue which has the potential to halt, slow, or potentially fragment DNSSEC's actual deployment. If the issue of who signs the root cannot be consensually resolved, the most likely impact will be for DNSSEC adopte
Re: DNSSEC to be strangled at birth.
Paul Hoffman <[EMAIL PROTECTED]> writes: > At 5:51 PM +0100 4/4/07, Dave Korn wrote: >> Can anyone seriously imagine countries like Iran or China signing up to a >>system that places complete control, surveillance and falsification >>capabilities in the hands of the US' military intelligence? > > No. > > But how does having the root signing key allow those? > > Control: The root signing key only controls the contents of the root, > not any level below the root. ... > Falsification: This is possible but completely trivially detected (it > is obvious if the zone for furble.net is signed by . instead of > .net). Doing any falsification will cause the entire net to start > ignoring the signature of the root and going to direct trust of the > signed TLDs. If you control the root signing key, you can sign a new zone key for, e.g., '.com' and then create whatever content you want, e.g., 'example.com' and sign it with your newly created '.com' zone key. The signatures would chain back and verify to the root key. However, in practice I don't believe many will trust the root key alone -- for example, I believe most if not all Swedish ISPs would configure in trust of the .se key as well. One can imagine a web-of-trust based key-update mechanism that avoids the need to trust a single root key. /Simon - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
* Peter Gutmann: > "Dave Korn" <[EMAIL PROTECTED]> writes: > >>Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread >>non-acceptance. > > I realise this is a bit of a cheap shot, but: > > How will this be any different from the current situation? You can see that the keys change and draw your conclusions. Right now, you need to watch the actual data, which is a bit unwieldy (2.5% daily change rate for .COM/.NET and things like that). By the way, who else has expressed willingness to hold the key, under reasonable conditions? Would it be preferable if some non-governmental organization held the keys, after receiving an indemnification guarantee from Congress? - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
Simon Josefsson wrote: > However, in practice I don't believe many will trust the root key > alone -- for example, I believe most if not all Swedish ISPs would > configure in trust of the .se key as well. One can imagine a > web-of-trust based key-update mechanism that avoids the need to trust > a single root key. Indeed, and I already wrote an I-D for it: http://www.links.org/dnssec/draft-laurie-dnssec-key-distribution-01.html. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: DNSSEC to be strangled at birth.
* Simon Josefsson: > However, in practice I don't believe many will trust the root key > alone -- for example, I believe most if not all Swedish ISPs would > configure in trust of the .se key as well. There are some examples that such static configuration is extremely bad. Look at the problems with bogon filters, or how long decommissioned root server IP addresses continue to receive queries. It's not a problem if you do this for .SE as a Swedish ISP because you notice quickly that something is amiss. But if too many people do this for most TLDs, it will become practically impossible to change keys. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]