To: Brad Knowles <brad.knowles@skynet.be>
CC: Mark.Andrews@isc.org, namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Wed, 17 Jul 2002 10:30:58 +0859 ()
In-Reply-To: <a05111b07b959e597823f@[10.9.8.228]> from Brad Knowles at "Jul 16,2002 05:07:47 pm"
Sender: owner-dnsop@cafax.se
Subject: Re: dnssec discussion today at noon

Brad;

> >> And what does this have to do with DNSSEC?
> >
> > The theory explains the reality that public key cryptography
> > (including DNSSEC) is not used for serious purposes.
>
> Not used for serious purposes?!?

No, not at all.

> Okay, let's have you run a B2B
> website where billions of dollars can be moved with the click of a
> single mouse button. Now, we have to ensure that you really are
> interacting with the real B2B website and not some clever fake, or
> worse, some site that performs a man-in-the-middle attack on you
> while you are conducting a real transaction, so that they can later
> go in and conduct multiple fake transactions.

Are you saying that the B2B website gladly accepts a billion dollar
order from some unknown company just because a CA says the company's
domain name is not faked?

Purely technically, if a secret is shared between the website and the
company, shared key cryptography protects you from a clever fake and
a MITM attack.

But, it is not enough credential to perform a serious commercial
transaction. The website should check the credit status of its members.

> How about home banking? Sure, hundreds, thousands, tens of
> thousands, etc... of dollars may not be a whole lot of money to you,
> but they may be the entire life savings of a family. Multiply that
> by 250 million people in the US alone, and you're talking about some
> real money.

Protection for home banking is by shared secret.

> > Such security is not useful for serious purposes, when no one is
> > really responsible if your transactions are spoofed.
>
> Okay, so we can all sue you for billions and trillions of dollars
> worth of damages when someone spoofs a DNS response packet which then
> leads us to be vulnerable to man-in-the-middle attacks.

Huh?

You can't ask root server operators for compensation for billions and
trillions of dollars worth of damages when someone spoofs a DNS
response.

Serious users protect them with shared secret.

They don't blank-mindedly rely on CAs not really offering any serious
compensation.

> No, in both cases. There are a multitude of heinously screwed up
> servers in this world, and a multitude of heinously screwed up
> routers, too.

And, there will be multiple screwed up CAs. Or, are there already?

So, have weakly secure Internet and DNS as an infrastructure and
don't rely on intermediate entities of servers, routers or CAs.

Masataka Ohta