On 16.1.2015 05:19, Richard W.M. Jones wrote:> On Thu, Jan 15, 2015 at 07:45:00PM -0500, Neal Becker wrote: >> > I personally know nothing of the subject, but found this article, I wonder if >> > there's any truth here? If so, maybe the push for dnssec on f22 isn't as >> > wonderful as supposed: >> > >> > http://sockpuppet.org/blog/2015/01/15/against-dnssec/ > Considerable amount of commentary on this article here: > > https://news.ycombinator.com/item?id=8894902 Wow, it seems that DNSSEC topic joined The Flamewar Club and will have its place next to "Windows x *nix" flamewars :-) Tomas Hozza and me will be giving a talk/workshop about DNSSEC in practice at DevConf 2015 in Brno. Join us and get your hands dirty instead of writing hateful posts on the Internet! You will have a plenty of time for judging after the first introduction and hands-on experience :-) See http://sched.co/2Bet Here I'm going to limit myself to clarifying the section "DNSSEC is a Government-Controlled PKI" from the article. Disclaimer: I'm intentionally omitting *many* details here to make it concise. Go ahead and read RFC 4034 and 4035 if you want to understand all the gory details. First of all, to some degree "DNSSEC is a Government-Controlled PKI" but you need to understand few important details before you can draw informed comparison with "classic" X.509 PKI. - We can assume that US gov can force organization responsible for signing the root zone (Verising) to sign fake version of the root zone, of course. - In practice it would be hugely problematic to do such attack *on large scale* because the root zone is served from a large number of servers *and organizations* worldwide so it is very unlikely that a "fake" version of the root zone would go unnoticed. - If we limit the the attack to one target (organization/person) it would not be so easy either. An attacker would have to feed the target with fake data all the time because DNSSEC validation would fail if the client was confronted with fake & "genuine" data at the same time. (Again, go and understand DS/DNSKEY hierarchy described in RFC 4034 and do not forget to consider which zones contain data 'useful' to an attacker.) To sum it up - DNSSEC gives you Hierarchical trust model: “my.example.net.” can be spoofed *only* by its parents: - example.net. - net. - DNS root “.” Now you are in position to compare DNSSEC+DANE with X.509 PKI: There were 1,482 CA Certificates trustable by Windows or Firefox in 2010 and any of them could spoof TLS cert. (This list of CAs include surprises like a state-controlled CA which never issued public facing certificate etc.) More importantly, this spoofed cert is easily usable for very targeted attacks (e.g. to a single TLS connection) and is extremely hard to detect by unsuspecting client. See https://www.eff.org/observatory for details about a TLS survey done by EFF. I hope to see you at our DNSSEC workshop! http://sched.co/2Bet -- Petr Spacek @ Red Hat -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
