Kemp, David P. writes:

> For the DNS/PKI case, if A is an IP address for a dnsname and B is a
> public key for a dnsname, then it is necessary to attack the sources of
> A and B in order to successfully spoof a named server.  If A and B come
> from the same system (e.g., DNS) it is necessary to attack only that
> system.  If they come from different systems (DNS and PKI) then it is
> necessary to attack both.  Attacking only one may cause an availability
> failure, but not an integrity failure.

In the case where an attacker controls the network, they can win
with B only, without A, because they can perform an active attack
even when the client knows the correct IP address for the server.

Consider

http://www.ex-parrot.com/~pete/upside-down-ternet.html

which only attempts to attack HTTP without TLS.  But notice that
it would work correctly even with DNSSEC because it does not rely
on misleading the client about the server's IP address.

In this threat model, attacking the source of A is not necessary
for spoofing a TLS-enabled server, but attacking the source of B
is.  This threat model could apply realistically to many public
networks, particularly because the attacker need not be the
network's legitimate owner in order to control the network (for
instance, through compromised routers, DHCP spoofing, or ARP
spoofing).

In this model, getting the service's correct public key to the
client is necessary and sufficient all by itself.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
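The threat model argued in the reply above, as an added example that is not part of the original message or of any DNSOP work: a small Go simulation in which a client resolves a name (source A), dials the resulting IP, and verifies a signed nonce either against whatever key the peer offers or against a key it already knows for that name (source B). The name, the IP addresses, the on-path "attacker answers instead" model and the toy handshake are constructed for illustration; only Go's standard ed25519 package is real.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Endpoint is a host that proves possession of its private key by signing a
// client-chosen nonce, which is all a TLS handshake gives us for this purpose.
type Endpoint struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewEndpoint(name string) *Endpoint {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Endpoint{Name: name, pub: pub, priv: priv}
}

// Response is what the peer sends back: the key it claims plus a signature over the nonce.
type Response struct {
	Pub ed25519.PublicKey
	Sig []byte
}

func (e *Endpoint) Respond(nonce []byte) Response {
	return Response{Pub: e.pub, Sig: ed25519.Sign(e.priv, nonce)}
}

// Network models the two sources the email discusses: the name-to-address mapping
// (A) and the path to the address. When onPath is set, the attacker answers every
// connection regardless of which IP the client dialed (constructed model).
type Network struct {
	dns    map[string]string    // name -> IP (source A)
	hosts  map[string]*Endpoint // IP -> host that legitimately sits there
	onPath *Endpoint            // nil means the path is honest
}

func (n *Network) Resolve(name string) string { return n.dns[name] }

func (n *Network) Dial(ip string, nonce []byte) (Response, bool) {
	if n.onPath != nil {
		return n.onPath.Respond(nonce), true // correct IP does not help here
	}
	h, ok := n.hosts[ip]
	if !ok {
		return Response{}, false
	}
	return h.Respond(nonce), true
}

// clientCheck returns two verdicts for one connection attempt:
//   addressOnly: the client trusted the address and verified the signature under
//                whatever key the peer presented (proves only that *someone* holds
//                the key they showed);
//   pinnedKey:   the client verified the signature under the key it already knew
//                for this name (source B).
func clientCheck(n *Network, name string, pinned ed25519.PublicKey) (addressOnly, pinnedKey bool) {
	ip := n.Resolve(name)
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	resp, ok := n.Dial(ip, nonce)
	if !ok {
		return false, false
	}
	addressOnly = ed25519.Verify(resp.Pub, nonce, resp.Sig)
	pinnedKey = ed25519.Verify(pinned, nonce, resp.Sig)
	return addressOnly, pinnedKey
}

// Simulate runs one scenario. Constructed values: the name "www.example.test",
// the legitimate address 192.0.2.10 and the attacker's address 198.51.100.66
// (both documentation ranges).
func Simulate(dnsSpoofed, attackerOnPath bool) (addressOnly, pinnedKey bool) {
	server := NewEndpoint("server")
	attacker := NewEndpoint("attacker")
	n := &Network{
		dns:   map[string]string{"www.example.test": "192.0.2.10"},
		hosts: map[string]*Endpoint{"192.0.2.10": server, "198.51.100.66": attacker},
	}
	if dnsSpoofed {
		n.dns["www.example.test"] = "198.51.100.66" // source A compromised
	}
	if attackerOnPath {
		n.onPath = attacker // network controlled; A is irrelevant
	}
	return clientCheck(n, "www.example.test", server.pub)
}

func main() {
	for _, c := range []struct{ dns, path bool }{{false, false}, {true, false}, {false, true}, {true, true}} {
		a, b := Simulate(c.dns, c.path)
		fmt.Printf("dnsSpoofed=%-5v onPath=%-5v  addressOnlyAccepts=%-5v pinnedKeyAccepts=%v\n", c.dns, c.path, a, b)
	}
}
```

The address-only client accepts in every scenario, including the one where DNS was honest and the attacker merely sits on the path, which is the point of the reply: a correct A does not prevent the spoof. The pinned-key client rejects every dishonest scenario and needs nothing from A to do so, which is the "necessary and sufficient" claim about B. What the simulation deliberately does not model is the attacker obtaining a key the client would accept for that name; that is exactly what "attacking the source of B" means, and it is the one thing the client cannot detect at connection time.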