On Mon, Nov 25, 2013 at 6:22 PM, David Conrad <drc@xxxxxxxxxxxxxxx> wrote:
On Nov 25, 2013, at 10:06 AM, John Levine <johnl@xxxxxxxxx> wrote:As I'm sure you're aware, for this attack to work, not only would the US government need to compromise the root KSK HSMs and a rather Byzantine set of safeguards, they would also presumably need to do so in a way that would reduce the likelihood that the compromised elements would be noticed.
>>> Is the DNSSEC root key secure against National Security Letters?
>> What does that mean? Exactly what threat are you imagining an NSL would be used to hide?
> Hijack someone's DNS traffic, provide a chain of fake servers pointing
> to a fake mail or web host, all with valid DNSSEC.
You clearly do not understand the nature of those controls. They are designed to prevent an individual being in sole control of a key and defecting or being coerced. They are not designed to prevent government coercion. Separation of duties does not provide an effective control against government coercion because the government can coerce multiple parties as easily as one.
The CA based PKI has a similar issue which is why there is interest in Certificate Transparency. The CA based PKI was designed to protect commercial assets against criminal attackers. Preventing government coercion was not considered. The root key management process is identical in all significant respects to the VeriSign Class 3 root management process.
If we are positing the failure of those controls in one case then we should posit the same attack in the other. Unfortunately the argument that is made is a highly partisan one which seizes on any possible hole in the CA scheme as damning but ignores the exact same issues in the DANE/DNSSEC scheme.
At least in the CA trust scheme there is a choice of trust providers. If ICANN were to turn DigiNotar it is the only option, it is not only 'too big to fail' it is the only possible provider.
Website: http://hallambaker.com/