Richard Barnes wrote:
This debate has nothing to do with the security properties of DNSSEC.
A basic assumption of the DNS is that what the authoritative server for
zone says is, well, authoritative. The structure of DNS itself entitles
JPNIC to point ac.jp wherever they want; by using a name within the .jp
domain, you are agreeing to act within JPNIC's domain of control. JPNIC
could set up an authoritative server for hpcl.titech.ac.jp completely
independently of you, regardless of DNSSEC, and from the perspective of
the DNS, that would be the right answer.
I guess what Masataka was referring to is a different source of
variance, i.e. an impersonation of JPNIC's authority over its domain of
control (using a compromised JPNIC's private key).
All DNSSEC does is make the assertions made in the DNS reliable -- it
does nothing to change the locus of control.
Reliable through a chain fo digital signatures. Reliable to the extent
an impersonation attack (on the locus of control) does not occur based
on a compromised private signature key.
On the other hand, you can certainly use the DNSSEC protocol elements to
do peer-to-peer security, just like you can use private DNS servers, and
just like you can use TLS without trust anchors (i.e., with self-signed
certs). Just hand out the public half of your ZSK to people you want to
be able to verify names within your zone.
Then you reduce the chain of digital signatures to a single one, raising
confidence level at the cost of more key management hindrance.
Indeed, this thread seems to be another attempt to understand the basic
DNSSEC properties.
- Thierry
--Richard
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf