To:
"Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
CC:
dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Thu, 24 Oct 2002 23:35:31 +0859 ()
In-Reply-To:
<3C1E3607B37295439F7C409EFBA08E6803B957CD@US-Columbia-CIST.mail.saic.com>from "Loomis, Rip" at "Oct 15, 2002 12:28:38 pm"
Sender:
owner-dnsop@cafax.se
Subject:
Re: Interim signing of the root zone.
Rip Loomis; > > > Note too that with CRL's, the incident above was easily rectified - > > > in applications that fully implemented X.509 processing. > > > > Unfortunately for you, CRL is another example on why CA-based security > > is useless. > > > > Namely, there is no proper period to check CRL. > > > > CAs, the intelligent intermediate systems having no knowledge on the > > requirement of applications, set the period, which is inappropriate > > for most applications. > > There's nothing preventing an application checking very very often-- > but a CA might not update a CRL in a timely manner. That's one of > the reasons for OCSP responders. But this is way off topic for this > mailing list, so let's stick to the non-CA, non-X.509 methods that are > actually going to be *used* in DNSSEC. Name servers of secure DNS are CAs. > > > >What Masataka Ohta IMHO tries to say is that it is at best nice to > > > >have a signed root zone, but you will not gain /any/ > > > >increase in security. > > > > > > The goal of security is to limit the damage of an (unauthorized) > > > action. (With "damage" being inherently "bad stuff.") Significant > > > subgoals of security are to lower the chance (probability) that an > > > unauthorized action will have any impact, limiting the impact to a > > > small set of assets, and limiting the duration of the impact. > > > > That's why shared key cryptography, which limits the impact of > > compromized security to the small set, members of which are directly > > involved in the action, is the way to go. > > You simply must be missing something in the last several years of > discussions, and in the history of cryptography. Use of a symmetric/ > shared/secret key algorithm might be appropriate for systems/organizations > with a pre-existing relationship--and in fact that's why such a scheme > is being used for TSIG. The problem is that cryptography is just a technology incapable of creating credential. Cryptography offers secure transport of pre-exsiting credential through the pre-existing relationship. > But the key management problems of a symmetric > algorithm increase significantly when more one-to-one "conversation" > keys are needed, Shared keys are needed only when there is pre-existing relationship. If there is pre-existing relationship, keys can be shared through the relationship. > Perhaps you live in a world where the only people whom you need to > communicate with are those with whom you've already established a > secure/authenticated communications link to support key exchange. Exactly. Note that, in general, we communicate over multiple link layers that end entities do not have to directly communicate/authenticate each other. > For the problem of "I need to be able to verify, when pulling data > from a DNS cache at point C, that it was authentic when it left the > authoritative server at point A and hasn't been changed since", That is not a problem of practical usefullness. Or, how much is compasated from compromized root server operators? In the real world, abstract security of PKI or seucre DNS is completely useless. > Anyone who performs any transaction worth "zillions of dollars" based > only on DNS today is an idiot. Anyone who performs any transaction worth > "zillions of dollars" based only on (DNS+DNSSEC signed zones) at some > point in the future is an idiot. What's your point? As one part of > a set of security features, DNSSEC signed zones have a place--which is > in no way meant to imply that SSL/TLS, or any other authentication/ > authorization scheme, will suddenly be useless. The real security is based on the pre-existing relationship. Anyone who relies on something else is an idiot. Masataka Ohta #---------------------------------------------------------------------- # To unsubscripbe, send a message to <dnsop-request@cafax.se>.