To:
<keydist@cafax.se>, "Edward Lewis" <lewis@tislabs.com>
Cc:
<lewis@tislabs.com>
From:
"James Seng" <jseng@pobox.org.sg>
Date:
Thu, 28 Mar 2002 09:55:18 +0800
Sender:
owner-keydist@cafax.se
Subject:
Re: Leveraging trust
I know we are still divided on the issue of trust model, whether it is in scope or not. The difficulty of discussing the trust model for key distribution, especially using DNS, is that it is built on one and only one model: hierarchy. Hierarchy, single root, is the only model we know that scales on the Internet; we should not ignore that there are other models which also work at large scale (see phone numbers).

I believe we should look at DNS as just another key distribution mechanism. The goal here is how to distribute keys over DNS "securely". Here, I define "securely" as only data integrity. And we have to limit the applications of these keys, specifying where it would be useful (e.g. SSH, IPSEC) and where it is not (e.g. wire transfer).

The authentication of the keys and the trust model to do that key verification is another aspect of the bigger problem someone has to solve. Someone could be someone else, not necessarily us. Or it could be tackled when we finish the first goal. However, squeezing these two topics together is getting nowhere. Let's get our priorities correct and then proceed one step at a time.

-James Seng

> There seems to be some disagreement on whether leveraging trust is a problem or not.
>
> Assume for a moment that DNSSEC has a signed root and a sequence of signed zones down to a point in the DNS, and that point either has a key for an application or indicates where a key can be found.
>
> On the other hand assume that it is up to each instance of an application (eg a server in a server/client application) to distribute the keys without DNS.
>
> In the first situation, by distributing the one root key, one can validate all other information in the DNS. Of course, if that root key is "broken" then everything is vulnerable. In the second situation, each and every instance has to distribute the key, but there is no single Achilles heel.
>
> From the point of view of a single instance, distributing individual keys looks to be more promising than a root key because the workload is the same (perhaps less) and there is no larger fallout of breaking the one distributed key. (If I'm only interested in a single instance, then fallout isn't a concern, and basically the two approaches are the same.)
>
> But if I want to scale the distribution model, I see a tradeoff of a single key breaking versus the vulnerability of a lot of key distribution work. This is in essence the tradeoff of DNS versus no DNS bootstrap.
>
> It seems to me that it is worth strengthening the security of the root rather than just dismissing them out of hand. Yes, a single root is a vulnerable point, but is there any other way to address scalability?
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis NAI Labs
> Phone: +1 443-259-2352 Email: lewis@tislabs.com
>
> Opinions expressed are property of my evil twin, not my employer.