On Sep 6, 2013, at 3:25 AM, Måns Nilsson <mansaxel@xxxxxxxxxxxxxxxx> wrote:
> I do think that more distributed technoligies like DANE play an important
> rôle here.
Right, because there's no way the NSA could ever pwn the DNS root key.
What we should probably be thinking about here is:
- Mitigating single points of failure (IOW, we _cannot_ rely
on just the root key)
- Hybrid solutions (more trust sources means more work to
compromise)
- Sanity checking (if a key changes unexpectedly, we should
be able to notice)
- Multiple trust anchors (for stuff that really matters, we
can't rely on the root or on a third party CA)
- Trust anchor establishment for sensitive communications
(e.g. with banks)
The threat model isn't really the NSA per se—if they really want to bug you, they will, and you can't stop them, and that's not a uniformly bad thing. The problem is the breathtakingly irresponsible weakening of crypto systems that has been alleged here, and what we can do to mitigate that. Even if we aren't sure that it's happened, or precisely what's happened, it's likely that it has happened, or will happen in the near future. We should be thinking in those terms, not crossing our fingers and hoping for the best.