>>> If a system is going to be robust in practice it has to take account >>> of all possible sources of error including administrative incompetence >>> and user error. >> >> I'm curious: where do you draw the line? Should routing system security >> be included? Email security (since many transactions relating to DNS >> zone administration occur via email)? Telephone? Etc. >> >>> Security that only looks at malice is brittle security. >> >> Security that looks at 'all possible sources of error' seems to me >> to be a halting state problem > > > Drawing a line amounts to sticking your head in the sand. > > A chain is only as strong as its weakest link, and aside from > wanna-bees, determined attackers are *not* going to attack the > strong pieces of the technology, but turn the weak parts or > the links between. > > Using DNS names for authentication is the folly here. If we believe > that using DNS names for authentication, then we need to fix *all* > parts of the technology, including the adminitrative procedures > for managing/delegating DNS names.
Ok, what names *should* we be using? Maybe we should use names that people claim by presenting their drivers' licenses? <http://dmv.ca.gov/pubs/newsrel/newsrel11/2011_26.htm> Passports? <http://www.usimmigration.com/selling-fake-passports.html> Can you point to an identity system that doesn't have layer-9 vulnerabilities? Domain names are names like any other name, except they have some nice features: Hierarchical storage and you can use them to look stuff up. ISTM that this group will have a win if they can come up with a good way to authenticate domain names, possibly patching over some of the layer-9 weaknesses. --Richard _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
