Re: dnssec discussion today at noon

[Brad Knowles <brad.knowles@skynet.be>]

At 12:15 AM +0859 2002/07/18, Masataka Ohta wrote:

>  Shared key cryptography can be a protection from the MITM attack.

	They are subject to replay attacks.

>  I'm teching you Schneier (whoever he is) is wrong, then.

	If you're talking about cryptography or computer security and you 
don't know who Schneier is, then you don't know anything useful about 
cryptography or computer security.

	Go buy _Applied Cryptography: Protocols, Algorithms, and Source 
Code in C_, _Secrets and Lies: Digital Security in a Networked 
World_, _The Electronic Privacy Papers: Documents on the Battle for 
Privacy in the Age of Surveillance_, and _The Twofish Encryption 
Algorithm: A 128-Bit Block Cipher_, and then come back when you're 
done reading them.

>  Then, you are blindly belive CAs are secure.

	No.  They are one part of the overall security scheme.

>  Even if they were, the reality is that most clients never checks
>  whether the transaction use https or http.

	This has nothing to do with https or http.  What this does have 
to do with is ensuring that the IP address you send your https or 
http stream to is actually the server you want, and not some other 
site that has managed to poison the cache of your nameservers and 
trick you into routing your packets to them, which they then forward 
to the real site, and vice-versa.

>  you can't identify the person to be blamed for.

	If the servers hand out incorrect data because their cache has 
been poisoned, you are right that it is difficult to point the finger 
at any one person or organization, or group of people or 
organizations.

	If the servers hand out incorrect data because their cache has 
been poisoned, and the reason their cache is *capable* of being 
poisoned is because one moron stood up and convinced everyone that 
implementing a technology to help prevent this problem was a bad 
idea, then the finger can most definitely be pointed at that one 
moron.

>  Even if you can, have you ever checked standard contract of CAs? How
>  much is the upper limit of compensation for failed transaction?

	Who needs civil law?  Go after them as they did with Eugene 
Kashpureff, and put the sucker in jail!

>  Have you ever heard about things called CHAP?

	There is nothing in the field of cryptography that can begin to 
compare with a properly implemented one-time pad.  This is a known 
fact.

	If you want to talk about algorithms that might be "good enough", 
that's a whole different matter.

>  You don't have to send your password in plain text over the wire.

	Of course not!  You can encrypt it!

	But how can you really be sure that you're sending the encrypted 
password to the right server?  A shared secret doesn't work, because 
that is subject to replay attacks.  You really want something more 
robust than that, such as provided by PKC.

>>  	So there are multiple screwed-up CAs.  DNSSEC and DS will be an
>>  improvement over what we've got now, and we will have a smaller set
>>  of problems to deal with once they are in wide use.
>
>  The more complex protocol, the larger set of problems.

	No, because we will have exchanged the larger problem of 
unauthenticated IP addresses for the smaller one of making sure that 
the CAs are properly operating.  Moreover, we probably won't be using 
the same CAs as are used today with https, and even if we are, they 
have a much simpler problem to solve.

>  Exactly. The real world is not using CAs.

	Riiiiiiiiiiiiiiiiight.  What rock have you been sleeping under?

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.