To:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Brad Knowles <brad.knowles@skynet.be>
Cc:
Mark.Andrews@isc.org, namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Wed, 17 Jul 2002 19:53:39 +0200
In-Reply-To:
<200207171515.AAA11341@necom830.hpcl.titech.ac.jp>
Sender:
owner-dnsop@cafax.se
Subject:
Re: dnssec discussion today at noon
At 12:15 AM +0859 2002/07/18, Masataka Ohta wrote: > Shared key cryptography can be a protection from the MITM attack. They are subject to replay attacks. > I'm teching you Schneier (whoever he is) is wrong, then. If you're talking about cryptography or computer security and you don't know who Schneier is, then you don't know anything useful about cryptography or computer security. Go buy _Applied Cryptography: Protocols, Algorithms, and Source Code in C_, _Secrets and Lies: Digital Security in a Networked World_, _The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance_, and _The Twofish Encryption Algorithm: A 128-Bit Block Cipher_, and then come back when you're done reading them. > Then, you are blindly belive CAs are secure. No. They are one part of the overall security scheme. > Even if they were, the reality is that most clients never checks > whether the transaction use https or http. This has nothing to do with https or http. What this does have to do with is ensuring that the IP address you send your https or http stream to is actually the server you want, and not some other site that has managed to poison the cache of your nameservers and trick you into routing your packets to them, which they then forward to the real site, and vice-versa. > you can't identify the person to be blamed for. If the servers hand out incorrect data because their cache has been poisoned, you are right that it is difficult to point the finger at any one person or organization, or group of people or organizations. If the servers hand out incorrect data because their cache has been poisoned, and the reason their cache is *capable* of being poisoned is because one moron stood up and convinced everyone that implementing a technology to help prevent this problem was a bad idea, then the finger can most definitely be pointed at that one moron. > Even if you can, have you ever checked standard contract of CAs? How > much is the upper limit of compensation for failed transaction? Who needs civil law? Go after them as they did with Eugene Kashpureff, and put the sucker in jail! > Have you ever heard about things called CHAP? There is nothing in the field of cryptography that can begin to compare with a properly implemented one-time pad. This is a known fact. If you want to talk about algorithms that might be "good enough", that's a whole different matter. > You don't have to send your password in plain text over the wire. Of course not! You can encrypt it! But how can you really be sure that you're sending the encrypted password to the right server? A shared secret doesn't work, because that is subject to replay attacks. You really want something more robust than that, such as provided by PKC. >> So there are multiple screwed-up CAs. DNSSEC and DS will be an >> improvement over what we've got now, and we will have a smaller set >> of problems to deal with once they are in wide use. > > The more complex protocol, the larger set of problems. No, because we will have exchanged the larger problem of unauthenticated IP addresses for the smaller one of making sure that the CAs are properly operating. Moreover, we probably won't be using the same CAs as are used today with https, and even if we are, they have a much simpler problem to solve. > Exactly. The real world is not using CAs. Riiiiiiiiiiiiiiiiight. What rock have you been sleeping under? -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.