Re: Interim signing of the root zone.

[Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>]

Rip Loomis;

> > > Note too that with CRL's, the incident above was easily rectified - 
> > > in applications that fully implemented X.509 processing.
> > 
> > Unfortunately for you, CRL is another example on why CA-based security
> > is useless.
> > 
> > Namely, there is no proper period to check CRL.
> > 
> > CAs, the intelligent intermediate systems having no knowledge on the
> > requirement of applications, set the period, which is inappropriate
> > for most applications.
> 
> There's nothing preventing an application checking very very often--
> but a CA might not update a CRL in a timely manner.  That's one of
> the reasons for OCSP responders.  But this is way off topic for this
> mailing list, so let's stick to the non-CA, non-X.509 methods that are
> actually going to be *used* in DNSSEC.

Name servers of secure DNS are CAs.

> > > >What Masataka Ohta IMHO tries to say is that it is at best nice to
> > > >have a signed root zone, but you will not gain /any/ 
> > > >increase in security.
> > > 
> > > The goal of security is to limit the damage of an (unauthorized) 
> > > action. (With "damage" being inherently "bad stuff.")  Significant 
> > > subgoals of security are to lower the chance (probability) that an 
> > > unauthorized action will have any impact, limiting the impact to a 
> > > small set of assets, and limiting the duration of the impact.
> > 
> > That's why shared key cryptography, which limits the impact of
> > compromized security to the small set, members of which are directly
> > involved in the action, is the way to go.
> 
> You simply must be missing something in the last several years of
> discussions, and in the history of cryptography.  Use of a symmetric/
> shared/secret key algorithm might be appropriate for systems/organizations
> with a pre-existing relationship--and in fact that's why such a scheme
> is being used for TSIG.

The problem is that cryptography is just a technology incapable
of creating credential.

Cryptography offers secure transport of pre-exsiting credential
through the pre-existing relationship.

> But the key management problems of a symmetric
> algorithm increase significantly when more one-to-one "conversation"
> keys are needed,

Shared keys are needed only when there is pre-existing relationship.

If there is pre-existing relationship, keys can be shared through
the relationship.

> Perhaps you live in a world where the only people whom you need to
> communicate with are those with whom you've already established a
> secure/authenticated communications link to support key exchange.

Exactly.

Note that, in general, we communicate over multiple link layers that
end entities do not have to directly communicate/authenticate each other.

> For the problem of "I need to be able to verify, when pulling data
> from a DNS cache at point C, that it was authentic when it left the
> authoritative server at point A and hasn't been changed since",

That is not a problem of practical usefullness.

Or, how much is compasated from compromized root server operators?

In the real world, abstract security of PKI or seucre DNS is
completely useless.

> Anyone who performs any transaction worth "zillions of dollars" based
> only on DNS today is an idiot.  Anyone who performs any transaction worth
> "zillions of dollars" based only on (DNS+DNSSEC signed zones) at some
> point in the future is an idiot.  What's your point?  As one part of
> a set of security features, DNSSEC signed zones have a place--which is
> in no way meant to imply that SSL/TLS, or any other authentication/
> authorization scheme, will suddenly be useless.

The real security is based on the pre-existing relationship.

Anyone who relies on something else is an idiot.

						Masataka Ohta
#----------------------------------------------------------------------
# To unsubscripbe, send a message to <dnsop-request@cafax.se>.