To:
Keith Moore <moore@cs.utk.edu>
Cc:
keydist@cafax.se
From:
Simon Josefsson <simon+keydist@josefsson.org>
Date:
Wed, 09 Jan 2002 22:28:57 +0100
In-Reply-To:
<200201092038.g09Kc3i24977@astro.cs.utk.edu> (Keith Moore'smessage of "Wed, 09 Jan 2002 15:38:03 -0500")
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.5 (bamboo,i686-pc-linux)
Subject:
Re: RESCAP/RC: an alternative to key distribution using DNS
Keith Moore <moore@cs.utk.edu> writes: > The RESCAP working group is working on the design of a protocol to > be used to allow the lookup of meta-information that is associated > with resource identifiers such as URIs. The Resource Catalog (RC) > protocol is being considered for this protocol. > > Basically RC assumes that there is some well-defined process for > mapping a URI to one or more servers that can perform the lookup. > The server is probably identified using a a NAPTR/SRV lookup mechanism > similar to that defined in RFC 2168 and RFC 2915. (in particular, > NAPTR allows this process to be adaptable to the variety of URI > syntaxes in use). > > The RC protocol itself is specifically designed to allow the client > to request named metadata that are associated with a resource name. > Arbitrary sets of metadata can be requested, and the kinds of metadata > that can be associated with a resource name are arbitrarily extensible > without changes to the RC servers. The RC protocol provides its own > mechanisms for signing arbitrary sets of metadata without constraining > the signature formats that can be used. Both the metadata and the > signatures are opaque to the RC server. > > Distribution of key material is one of many applications for which RC > was designed. But especially since I'm not a security expert, it's > entirely possible that there is some aspect of RC's design that > is deficient for this purpose. I'd very much appreciate comments > from this group on the suitability of RC for this application. From browsing the specification, it seems as it has the same problems that using SRV records to find LDAP servers that hold keying material has -- this problem has been explained a few times [1], but a short recap: The problem is that there is no (secure) coupling between the hostname (or URI in the case of RESCAP) and the keying material eventually looked up. Also, I do not see how RESCAP could be used to find keying material given the following statement about RESCAP's security scope. It seems as if RESCAP's purpose is to look up auxilliary and non-security critical information only. RC does not attempt to ameliorate the following threats: - Attempts to direct clients to send queries to unauthorized servers Even if unauthorized servers contain data which are signed by authoritative sources, the data provided by unauthorized servers may be stale or obsolete. When DNS SRV and address records are used to direct queries to RC servers, DNSSEC may be useful in authenticating such records to clients. NOTE: TLS server certificates could be used by the client to determine whether the server can authentically claim to operate on behalf of a particular DNS name. However, authority to operate on behalf of a DNS name does not necessarily imply authority to supply information about a resource name, particularly when the server operator may not be authoritative to make assertions about a particular resource, even if the server is the correct one to consult for information about that resource. (e.g. the RC service might be outsourced) [1] http://www.cafax.se/keydist/maillist/2001-12/msg00022.html