On Tue, Jun 02, 2009 at 10:38:28PM +0900, Masataka Ohta wrote:
> Christian Huitema wrote:
>
> >>That is, security of DNSSEC involves third parties and is not end
> >>to end.
> >
> > That is indeed correct. An attacker can build a fake hierarchy of
> > "secure DNS" assertions and try to get it accepted. The attack can
> > succeed with the complicity of one of the authorities in the
> > hierarchy. It is a classic "attack by a trusted party".
>
> Yes, the hierarchy has hops.
>
> For my domain: "necom830.hpcl.titech.ac.jp", hierarchy of zones
> have hops of ".", "jp", "ac.jp", "titech.ac.jp" and
> "hpcl.titech.ac.jp". The authority hops are IANA, JPNIC, my
> university, and my lab. Though you may have direct relationship
> with IANA, JPNIC is the third party for both you and me.
>
> > If an intermediate authority has
> > been compromised, it can just as well insert a fake NS record --
> > that's not harder than a fake record signature.
>
> So, with a compromised hop of an intermediate authority, record
> signature on the faked next hop key can be generated.
>
> Then, with a private key corresponding to the faked next hop key,
> record signature on the faked second next hop key can be generated.
>
> Then, with a private key corresponding to the faked second next
> hop key, record signature on the faked third next hop key can be
> generated.
>
> Yes, security of DNSSEC is totally hop by hop.
>
> Masataka Ohta

I think the distinction here might be characterised by the use of terms:

-channel security
-data integrity

DNSSEC - the signing of the data, provides a means to ensure the accuracy
and integrity of the data, the payload. Given the design of the DNS, that
data can come from an authoritative source or a cache. There is no
expectation that the data will emerge from or through any given
path/source. Once the data is received, it is possible to determine if
the data is a) intact, and b) untampered with.

There is no hop/hop at the transport level cause DNS really doesn't work
that way today.

Channel Security - hop/hop can be done a couple of different ways. IPsec,
TSIG, SIG(0), DNSCurve et al. From a resolver point of view, this type of
security is usually done only one hop away, to the preferred cache or
(small) set of authoritative servers. It could be possible, but unwieldy
to do complete channel security. But to what end?

--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
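To make the two points in this exchange concrete (Ohta's "the chain of signatures is walked hop by hop through each authority" and Bill's "validation looks only at the received data, not at the path it travelled"), here is an added toy model of a DNSSEC chain of trust. It is not code from the IETF thread or from any DNS implementation: it uses Ed25519 from Go's standard library in place of the RSA/ECDSA keys and KSK/ZSK split real DNSSEC uses, simplifies DS and RRSIG to "hash of child key signed by parent" and "record signed by owner", and builds the five zones Ohta lists with a constructed A record (192.0.2.1, documentation address space) for necom830.hpcl.titech.ac.jp. `Validate` starts at a configured trust anchor and moves trust one delegation at a time; a record with altered data, or a DNSKEY that the parent's DS does not vouch for, is rejected no matter which cache or server handed it over.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Zone models one authority hop: a zone and its signing key (Ed25519 stands in
// for the RSA/ECDSA DNSKEYs of real DNSSEC; this is a constructed model).
type Zone struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// SignedDS is the parent's signed statement about a child's key: the DS digest
// of the child's DNSKEY plus the parent's RRSIG over it.
type SignedDS struct {
	Child  string
	Digest []byte
	Sig    []byte
}

// SignedRR is the leaf record together with the owning zone's RRSIG.
type SignedRR struct {
	Owner, Data string
	Sig         []byte
}

// Chain is everything a validator needs, whoever served it (cache or
// authoritative): the DS records from the root down, each zone's public key,
// and the final record. No transport information is part of it.
type Chain struct {
	Keys map[string]ed25519.PublicKey
	DS   []SignedDS
	RR   SignedRR
}

func newZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Zone{Name: name, Pub: pub, priv: priv}
}

// Canonical byte strings that are signed; a constructed stand-in for RR wire format.
func dsMessage(child string, digest []byte) []byte { return append([]byte("DS|"+child+"|"), digest...) }
func rrMessage(owner, data string) []byte          { return []byte("RR|" + owner + "|" + data) }

// SignDS is the delegation hop: the parent vouches for the child's key.
func (z *Zone) SignDS(child *Zone) SignedDS {
	h := sha256.Sum256(child.Pub)
	return SignedDS{Child: child.Name, Digest: h[:], Sig: ed25519.Sign(z.priv, dsMessage(child.Name, h[:]))}
}

// SignRR: the leaf zone signs its own data.
func (z *Zone) SignRR(owner, data string) SignedRR {
	return SignedRR{Owner: owner, Data: data, Sig: ed25519.Sign(z.priv, rrMessage(owner, data))}
}

// Validate walks from the trust anchor (the root key the resolver is configured
// with) down the chain, one hop per DS record. Each step checks only received
// bytes; the path the data took is irrelevant to the outcome.
func Validate(anchor ed25519.PublicKey, c Chain) error {
	cur := anchor
	for _, ds := range c.DS {
		if !ed25519.Verify(cur, dsMessage(ds.Child, ds.Digest), ds.Sig) {
			return fmt.Errorf("DS for %q: signature by parent invalid", ds.Child)
		}
		childKey, ok := c.Keys[ds.Child]
		if !ok {
			return fmt.Errorf("DNSKEY for %q missing", ds.Child)
		}
		h := sha256.Sum256(childKey)
		if !bytes.Equal(h[:], ds.Digest) {
			return fmt.Errorf("DNSKEY for %q does not match the DS published by its parent", ds.Child)
		}
		cur = childKey // trust moves one hop down the hierarchy
	}
	if !ed25519.Verify(cur, rrMessage(c.RR.Owner, c.RR.Data), c.RR.Sig) {
		return fmt.Errorf("RRSIG on %q invalid", c.RR.Owner)
	}
	return nil
}

// BuildDemo constructs the hierarchy named in the thread and a constructed A
// record for necom830.hpcl.titech.ac.jp. It returns the trust anchor (root key)
// and the chain a resolver would collect.
func BuildDemo() (ed25519.PublicKey, Chain) {
	names := []string{".", "jp", "ac.jp", "titech.ac.jp", "hpcl.titech.ac.jp"}
	zones := make([]*Zone, len(names))
	c := Chain{Keys: map[string]ed25519.PublicKey{}}
	for i, n := range names {
		zones[i] = newZone(n)
		c.Keys[n] = zones[i].Pub
		if i > 0 {
			c.DS = append(c.DS, zones[i-1].SignDS(zones[i]))
		}
	}
	c.RR = zones[len(zones)-1].SignRR("necom830.hpcl.titech.ac.jp", "192.0.2.1")
	return zones[0].Pub, c
}

// WithSubstitutedKey returns a copy of the chain in which whoever served the
// data supplied a different DNSKEY for one zone, without the parent's DS for it.
func WithSubstitutedKey(c Chain, zone string) Chain {
	keys := make(map[string]ed25519.PublicKey, len(c.Keys))
	for k, v := range c.Keys {
		keys[k] = v
	}
	keys[zone] = newZone(zone).Pub
	c.Keys = keys
	return c
}

func main() {
	anchor, chain := BuildDemo()
	altered := chain
	altered.RR.Data = "198.51.100.9" // changed in transit; constructed value
	fmt.Println("genuine chain:   ", Validate(anchor, chain))
	fmt.Println("altered data:    ", Validate(anchor, altered))
	fmt.Println("substituted key: ", Validate(anchor, WithSubstitutedKey(chain, "titech.ac.jp")))
}
```

The model also shows where the thread's two views meet: the validator never consults a transport or a server identity (Bill's data-integrity point), yet the only thing that makes the leaf key trustworthy is the sequence of parent signatures above it, so trust is inherited hop by hop through each authority in the name (Ohta's point). Channel security such as TSIG or IPsec would sit outside this function entirely, protecting the one hop between the resolver and its preferred cache.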