On Mon, May 12, 2014 at 12:54 PM, Joseph Bonneau <[email protected]> wrote:

>> Clients (lazily perhaps). The public. Domain owners. Registrars.
>
> Certainly possible, but I wonder how much this will happen in a world of
> thousands of DNSSEC-CT logs existing for various domains. Some of them

The ones that matter most are the TLDs and the root. Those get so many
users that they will be caught MITMing, if they do.

> With CT for x.509 certs the assumption is that smaller number of logs are
> run which are very important and any screwup is a BFD. I don't know if that
> assumption scales to thousands of DNSSEC-CT logs.

You're assuming I want zones below the ones that matter audited, but I
don't. I want the root ones audited -- same as with the TLS server PKI.
Why would I have wanted anything else?

>> Remember, com. and . cannot merely MITM foo.bar.com. com. would have
>> to MITM bar.com. as well. And . would have to MITM com. too. These
>> would be noticeable.
>
> What about a compelled creation attack (or undetected key compromise) where
> malicious entries are signed by the genuine evil.com key? For example, say
> evilhosting.com gives me jbonneau.evilhosting.com and I care that they only
> sign my records for this domain so that nobody can MITM my site. But they
> secretly agree to give the government of Elbonia a signed record for my
> domain and then fail to log them properly. They can do this without any
> compromise or intervention of com, right?

If evilhosting.com has lots of customers, then they'll help audit it, else
they might not. At any rate, the first-order problem in a hierarchical
public key system is keeping the roots and intermediates closest to the
roots honest.

Nico

--
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
