

To: Keith Moore <moore@cs.utk.edu>
Cc: keydist@cafax.se
From: RJ Atkinson <rja@extremenetworks.com>
Date: Tue, 26 Mar 2002 13:28:50 -0500
In-Reply-To: <200203261809.g2QI9Lt17021@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
Subject: Re: My take on the BoF session


On Tuesday, March 26, 2002, at 01:09 , Keith Moore wrote:

>> Indeed.  and those who reject systems which wish to bootstrap off
>> secured dns out of hand are not letting the user make this informed
>> decision.
>
> as I see it, there are three major problems with this approach:
>
> 1. unconditionally representing this as a security improvement and not
>    informing the user about the limitations of this approach - and in
>    particular, about the degree of trust that this invests in the
>    root and higher-level zones.

It does NOT necessarily invest more trust in the root zone.

Example:  inet.org could use its own key to sign DNS records
          under inet.org and could distribute the authentication key
          for inet.org's records via out-of-band/non-DNS methods.
          Parties having that authentication key could use DNS to
          validate the specific entries obtained via DNS (with DNSsec)
          without having to place ANY additional trust in the root
          or ORG zones.

> 2. trusting DNS "by default" - i.e. presuming the user's choice.

That hasn't been Bill's proposal.  However, Bill is quite correct
that if the existing (untrusted) DNS gives out bad data, nearly
everyone is in trouble.

> 3. building a system that is so inflexible that it doesn't support
>    other trust models.

Nothing in Bill's proposal precludes other trust models.  See
example above.  See existing option to use (IMHO, much more
complicated to deploy) X.509v3 certificates, etc.

So my issue is that either you aren't being clear enough about
your issues, I'm too stupid to understand, or the issues aren't real.
And I'm not sure which of the 3 is the case, just this minute.

Ran
rja@extremenetwork.com
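Ran's inet.org example above, as an added illustration (not code from the thread or from any DNS implementation): a toy validator that walks a DNSSEC chain of trust starting from whatever trust anchors are configured. With an out-of-band anchor for inet.org alone, records under it validate without the root or ORG keys ever being consulted; with only a root anchor, the walk has to pass through both. The zone names, keys and records are constructed, and HMAC stands in for real RRSIG public-key verification.

```python
import hashlib
import hmac

# Constructed toy model of a DNSSEC chain of trust (added example; not from the thread or any DNS software).
# A parent publishes a DS record (hash of the child's key) signed with its own key, and every record is
# signed with its zone's key. HMAC with the zone key stands in for RRSIG public-key verification, so only
# the trust-walk structure is modelled, not the cryptography.
ZONE_KEYS = {".": b"root-key", "org.": b"org-key", "inet.org.": b"inet-key"}  # constructed keys

def ds_hash(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()

def sign(key: bytes, message: str) -> str:
    return hmac.new(key, message.encode(), "sha256").hexdigest()

def verify(key: bytes, message: str, sig: str) -> bool:
    return hmac.compare_digest(sign(key, message), sig)

# DS records each parent publishes for its delegated child, and one signed record (all constructed).
DS_RECORDS = {"org.": {"parent": ".", "rdata": ds_hash(ZONE_KEYS["org."])},
              "inet.org.": {"parent": "org.", "rdata": ds_hash(ZONE_KEYS["inet.org."])}}
for child, ds in DS_RECORDS.items():
    ds["sig"] = sign(ZONE_KEYS[ds["parent"]], f"{child} DS {ds['rdata']}")
RECORDS = {"www.inet.org.": {"zone": "inet.org.", "rdata": "A 192.0.2.10"}}
for name, rr in RECORDS.items():
    rr["sig"] = sign(ZONE_KEYS[rr["zone"]], f"{name} {rr['rdata']}")

def validate(name: str, trust_anchors: dict):
    """Return the zones whose keys had to be trusted (anchor first), or None if no chain from an anchor reaches the record."""
    rr = RECORDS[name]
    chain, zone = [], rr["zone"]
    # Walk upward from the record's zone until a zone with a configured anchor is found.
    while zone not in trust_anchors:
        if zone not in DS_RECORDS:  # ran out of parents without meeting an anchor
            return None
        chain.append(zone)
        zone = DS_RECORDS[zone]["parent"]
    trusted = {zone: trust_anchors[zone]}
    # Walk back down: a child key (as fetched from DNS) is trusted only if the parent's signed DS matches it.
    for child in reversed(chain):
        ds, child_key = DS_RECORDS[child], ZONE_KEYS[child]
        if not verify(trusted[ds["parent"]], f"{child} DS {ds['rdata']}", ds["sig"]):
            return None
        if ds_hash(child_key) != ds["rdata"]:
            return None
        trusted[child] = child_key
    if not verify(trusted[rr["zone"]], f"{name} {rr['rdata']}", rr["sig"]):
        return None
    return list(trusted)
```

Calling `validate("www.inet.org.", {"inet.org.": ZONE_KEYS["inet.org."]})` trusts only the inet.org key, while `validate("www.inet.org.", {".": ZONE_KEYS["."]})` must trust root, org and inet.org in turn.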

