[ No hats] 
[ Changed the subject to hopefully more correctly identify the discussion ] 


On Dec 10, 2013, at 10:22 AM, Ben Laurie <[email protected]> wrote:
> 
>> On 10 December 2013 15:17, Stephen Kent <[email protected]> wrote:
>>> Ben,
>>> ...
>>> 
>>> 
>>> I'm willing to consider it. But I'm still concerned that without something 
>>> akin to CT, DANE is more dangerous than the existing PKI.
>>> 
>> Can you elaborate, without reference to CY :-)? DANE seems preferable 
>> because the DNS hierarchy constrains the range of names that a node may 
>> assert (validly), unlike the WebPKI model.
>> 
> I agree that there is this additional constraint. It doesn't really address 
> the core problem, though, which is that registries and registrars, like CAs, 
> are vulnerable to error, coercion and getting pwned. Registries are also in a 
> great position to mount targeted attacks, unlike CAs.
> 
So, we had numerous discussions on this topic back at the beginning.

At the core of the discussion was the fact that an attacker who is able to 
manipulate the DNS can get a CA signed cert (the attacker points the MX to a 
box under their control, applies for a DV cert at www.certs-r-us.com, receives 
the authentication cookie mail and sends it back to the CA). This attack 
doesn’t allow the attacker to get a cert that requires special validation, and 
also doesn’t work for the special golden names…

When we were having these discussions I think that a number of us had a 
somewhat different (and some would say naive) view of the threat landscape. I 
personally was more focused on the lone attacker scenario, and not the “nation 
state who doesn’t mind being noticed” attack.

In many / most cases the ccTLD operator is in country (I believe that ICANN now 
requires the cc Admin contact to be in country) and could be compelled to 
publish fake DS and NS records for a specific domain and serve a parallel DNS 
tree[0]. This would be technically tricky (what with caching and the difficulty 
of correctly doing key rolls even with all parties co-operating), but not 
impossible. It would (probably) be fairly noticeable, but this might be 
acceptable to the attacker.

The above is conceptually similar to just seizing the domain (like the ICE / 
DHS counterfeit seizures), but with DANE could allow the attacker to also get a 
lock icon.

Having something like CT but for DANE / DNSSEC would (IMO) be very useful — I 
believe that there was some activity on this front, any updates?

> Experience suggests that their record, on the whole, is less good than CAs.
> 

[0]: I’m using cc’s as an example here, but the same applies to gTLDs in the 
attacking country.

P.S: Apologies — for some reason my MUA refused to understand Ben’s quoting 
level. I tried to requote correctly but may be misattributing.



--
It's a mistake trying to cheer up camels. You might as well drop meringues into 
a black hole. -- Terry Pratchett
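The compelled-TLD scenario above, as an added toy model that is not part of the original mail or of any DANE implementation. It assumes a three-zone chain (root, "example.", "victim.example."), constructed fixed keys, and an HMAC in place of a real RRSIG so that only the chain structure (who vouches for whose key via DS) is modelled, not the asymmetric cryptography. It shows three views of the same validator: the honest tree validates the victim's TLSA; an attacker who merely runs a parallel tree with his own TLD key fails at the root's DS; an attacker whose DS the real TLD operator is compelled to publish gets a validated TLSA for his own certificate. A minimal "has this DS ever been seen before" check stands in for the CT-like log the mail asks about.

```python
"""Toy model of the DANE chain of trust and of a compelled-TLD DS swap.

NOT real DNSSEC: signatures are HMACs keyed with the zone key, so only the
chain structure is modelled.  Zone names, keys and TLSA data are constructed.
"""
from __future__ import annotations

import hashlib
import hmac


def ds_digest(zone_key: bytes) -> str:
    """DS stand-in: digest of the child zone's key, published by the parent."""
    return hashlib.sha256(zone_key).hexdigest()


def sign(zone_key: bytes, rrset: str) -> str:
    """RRSIG stand-in (HMAC; see module docstring)."""
    return hmac.new(zone_key, rrset.encode(), hashlib.sha256).hexdigest()


def verify(zone_key: bytes, rrset: str, sig: str) -> bool:
    return hmac.compare_digest(sign(zone_key, rrset), sig)


class Zone:
    """One signed zone: its key and the RRsets it publishes, each signed."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.rrsets: dict[str, tuple[str, str]] = {}

    def publish(self, rrname: str, data: str) -> None:
        self.rrsets[rrname] = (data, sign(self.key, data))

    def delegate(self, child: Zone) -> None:
        """The parent vouches for the child's key by publishing a DS for it."""
        self.publish(f"{child.name}/DS", ds_digest(child.key))


def validate_tlsa(view: dict[str, Zone], chain: list[str],
                  trust_anchor: str, tlsa_name: str) -> str | None:
    """Validator walk root -> TLD -> domain over the tree as this resolver sees it.

    Each zone key must match the DS the parent signed; returns the validated
    TLSA data, or None if any link in the chain fails.
    """
    expected_ds = trust_anchor
    for i, name in enumerate(chain):
        zone = view.get(name)
        if zone is None or ds_digest(zone.key) != expected_ds:
            return None  # this zone's key is not vouched for by its parent
        if i + 1 < len(chain):
            rec = zone.rrsets.get(f"{chain[i + 1]}/DS")
            if rec is None or not verify(zone.key, *rec):
                return None
            expected_ds = rec[0]
    rec = view[chain[-1]].rrsets.get(tlsa_name)
    if rec is None or not verify(view[chain[-1]].key, *rec):
        return None
    return rec[0]


def ds_seen_before(seen: set[str], observed: str) -> bool:
    """CT-style check: a DS that has never been logged for this domain is an alert."""
    return observed in seen


# --- constructed honest tree ---
ROOT = Zone(".", b"root-key-constructed")
TLD = Zone("example.", b"tld-key-constructed")
VICTIM = Zone("victim.example.", b"victim-key-constructed")
ROOT.delegate(TLD)
TLD.delegate(VICTIM)
TLSA_NAME = "_443._tcp.www.victim.example./TLSA"
VICTIM.publish(TLSA_NAME, "3 1 1 VICTIM-CERT-HASH")
TRUST_ANCHOR = ds_digest(ROOT.key)
CHAIN = [".", "example.", "victim.example."]
HONEST_VIEW = {z.name: z for z in (ROOT, TLD, VICTIM)}


def attacker_zone() -> Zone:
    z = Zone("victim.example.", b"attacker-key-constructed")
    z.publish(TLSA_NAME, "3 1 1 ATTACKER-CERT-HASH")
    return z


def uncoerced_view() -> dict[str, Zone]:
    """Parallel tree run entirely by the attacker: his own TLD key is not in the root's DS."""
    fake_tld = Zone("example.", b"attacker-tld-key-constructed")
    atk = attacker_zone()
    fake_tld.delegate(atk)
    return {".": ROOT, "example.": fake_tld, "victim.example.": atk}


def compelled_view() -> dict[str, Zone]:
    """The real TLD operator is compelled to sign a DS for the attacker's key."""
    coerced_tld = Zone("example.", TLD.key)  # same key the root already vouches for
    atk = attacker_zone()
    coerced_tld.delegate(atk)
    return {".": ROOT, "example.": coerced_tld, "victim.example.": atk}


def demo() -> tuple[str | None, str | None, str | None, bool]:
    honest = validate_tlsa(HONEST_VIEW, CHAIN, TRUST_ANCHOR, TLSA_NAME)
    uncoerced = validate_tlsa(uncoerced_view(), CHAIN, TRUST_ANCHOR, TLSA_NAME)
    compelled = validate_tlsa(compelled_view(), CHAIN, TRUST_ANCHOR, TLSA_NAME)
    logged = {ds_digest(VICTIM.key)}
    swapped_ds = compelled_view()["example."].rrsets["victim.example./DS"][0]
    return honest, uncoerced, compelled, ds_seen_before(logged, swapped_ds)


if __name__ == "__main__":
    print(demo())
```

The validator is the same in all three runs; only the tree it is shown differs. The uncoerced attacker fails because the root's DS names the real TLD key, which is the constraint Ben describes. The compelled case passes because every link is signed by the key its parent vouches for, which is the point of the mail: nothing in the validation chain distinguishes a compelled DS from a legitimate key roll, so detection has to come from outside the chain, e.g. a log in which the old DS was recorded and the new one is not.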


_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
