[What's with the spam crap in the subject?]

On Tue, May 13, 2014 at 12:49 PM, Daniel Kahn Gillmor <[email protected]> wrote:
> On 05/13/2014 11:24 AM, Nico Williams wrote:
>>> I don't get why Alice would want to do this - all Alice cares is that
>>> example.co.uk is correctly issued, right?
>>
>> To detect MITM attacks by uk. on her peers.
>
> Yes, this is why Alice should care. Note that "peers" means
> "communication partners", and not "other registrants within the .co.uk
> public registry".

Yes.

> so in order to detect misissuance in a DNSSEC CT model, Alice would need
> to review the logs of every zone above hers in the hierarchy. does that
> sound right?

Yes.

>> Right, . won't want to share a log with com., no doubt. But that's
>> not an answer to Daniel's question, which is about whether Alice's
>> auditing job is easier or harder in the DNSSEC case compared to the
>> PKI case. IMO it's easier; I explained my answer separately.
>
> I can see the argument for it being cheaper in the DNSSEC case.
>
> I do wonder what we can then *do* about a detected misissuance in
> DNSSEC, though.

Publicize the event. That's all you can do.

Given a trusted-third-party introducer model, it isn't possible to
prevent MITM attacks. At _best_ you can detect them. The handling of
revealed (detected or otherwise) MITM attacks is an entirely political
problem.

> For CAs in the X.509 CT, what we can do is encourage browser vendors to
> drop that CA from their trusted root store (e.g. the diginotar "death
> sentence").

We can't even do that. We can only shine sunlight on CA problems.

> for DNSSEC, it sounds like we'd need to threaten to drop the whole zone,
> which seems unlikely. Are there other recourses that could be taken by
> an "interested party" who detects misissuance of one of their zones?

No, we cannot take action beyond deploying a protocol that makes
some/most MITM attacks by TTPs evident. Anything else is fantasy that
will shortly crash into the rocky shores of reality. (Apologies for the
strong words.)

There are two or three sub-types of political problems here. All are
clearly out of scope for the IETF, so I won't bother listing them. The
IETF simply cannot address layer 9 problems directly.

All we can hope to do here is to deploy measures that make it harder for
MITMing by TTPs to go undetected. We probably can't even _directly_
cause TTP MITM events to be publicized.

Nico
--
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
