
Re: [resend] Use of DNS to distribute keys



Until now, the following message thread has not been copied to pem-dev. It should be, I 
think, because it calls into question the need for certificates to distribute public keys 
in the Internet.  In the following message from Masataka Ohta, there is included a quote 
from, I believe, Ran Atkinson:

      > > Key certificates are
      > > generally too big and clunky to be in DNS but public keys would work
      > > fine.  There is no reason for the keys stored in DNS to be embedded in
      > > a certificate because you can use secure communication with the DNS
      > > server based on the key from the next highest level in the DNS
      > > hierarchy.  ...  Caching keys is kind of like caching IP address info.

Unless I entirely misunderstand this thread, he is saying that the DNS can be trusted to 
maintain the binding between my host's public key and my host's name--WITHOUT using a 
signed certificate.  Before I die choking on my morning coffee, I would like to know 
something:  What assurance features and mechanisms does Ran propose to use to make us trust 
all the servers in the worldwide DNS system that much?  
------------------------------------------------------------------------------------------ 

> From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>
> Return-Path: <mohta@necom830.cc.titech.ac.jp>
> Subject: Re: [resend] Use of DNS to distribute keys
> To: dee@skidrow.lkg.dec.com (Beast)
> Date: Thu, 16 Sep 93 22:14:39 JST
> Cc: atkinson@itd.nrl.navy.mil, ipsec@ans.net, namedroppers@nic.ddn.mil
> In-Reply-To: <9309141946.AA11187@skidrow.lkg.dec.com>; from "Beast" at Sep 14, 93 3:46 pm
> X-Mailer: ELM [version 2.3 PL11]
> X-Mdf: Mail for shirey sent to  shirey@smiley.mitre.org
> 
> > From:  atkinson@itd.nrl.navy.mil (Ran Atkinson)
> > To:  ipsec@ans.net, namedroppers@nic.ddn.mil
> > >     For several years now I've been thinking that the DNS is
> > >probably a really good way to distribute keys (or key certificates).
> > >For example, if each host had a public key accessible via the DNS, one
> > >could more easily setup a secure session key between oneself and the
> > >remote host that one wished to communicate with.  Also, one might be
> > >able to encrypt UDP packets using asymmetric encryption for the odd
> > >case where one only wanted to send one or two packets and thereby
> > >avoid the overhead of setting up a session key for extremely brief
> > >sessions.
> > 
> > This is a great idea I have also had myself.  Key certificates are
> > generally too big and clunky to be in DNS but public keys would work
> > fine.  There is no reason for the keys stored in DNS to be embedded in
> > a certificate because you can use secure communication with the DNS
> > server based on the key from the next highest level in the DNS
> > hierarchy. Caching these keys is kind of like caching IP address
> > info.
> 
> This, obviously, is the way to go. So I was surprised to have received
> private mails saying that we don't need secure DNS because we have a key
> certificate mechanism.
> 
> Some people do not understand that a key certificate mechanism does not
> scale unless a tree of servers is formed.
> 
> > All you need to complete the picture is to magicly know (or get
> > via an e-mailed certificate or something) the public keys of the root
> > DNS servers.
> 
> And, as we need public keys to construct the DNS tree, we don't need
> any key certificates of servers.
> 
> > A 1024 bit RSA key, which most people consider secure, is only 128
> > bytes.  An appropriate RSA digital signature is going to be about the
> > same size.  I guess I should do the detailed arithmetic but it seems
> > to me like a public key containing DNS response should fit into the
> > DNS 512 bytes UDP limit.
> 
> I have found an exception. A reply packet for an NS query will contain, as
> glue information, addresses AND public keys of multiple name servers.
> Thus the 512 byte limit does matter if there are three name servers with
> glue information (quite common).
> 
> It should be noted that the NS reply for the root name servers has
> once exceeded the UDP limit even without any public keys.
> 
> So, we must either extend the UDP size limit or use TCP.
> 
>                                                 Masataka Ohta
> 
>
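The size arithmetic argued over above (Atkinson's "a 1024 bit key is only 128 bytes, so a key-bearing response should fit in 512 bytes" against Ohta's "an NS referral with glue for three servers will not") can be checked by actually serialising the messages. The Python below is an added illustration, not code from anyone in the thread. It implements RFC 1035 wire format with label compression and then models a key record as 4 bytes of flags/protocol/algorithm plus a raw 128-byte key, and a signature record as 18 bytes of fixed fields, the signer's name and a 128-byte signature. Those record layouts, the type codes 24 and 25 (assigned to SIG and KEY years later by RFC 2065) and the names and addresses are assumptions made for the example; the thread itself specifies no record format.

```python
import struct

MAX_UDP_PAYLOAD = 512       # classic DNS-over-UDP limit, RFC 1035 section 4.2.1
TYPE_A, TYPE_NS = 1, 2
TYPE_SIG, TYPE_KEY = 24, 25 # assumption: codes RFC 2065 later assigned; the thread names no type
RSA_1024_BYTES = 128        # size of the 1024-bit modulus / signature quoted in the thread


class DnsWire:
    """Serialise a minimal DNS message in RFC 1035 wire format with label compression."""

    def __init__(self):
        self.buf = bytearray()
        self.seen = {}          # dotted suffix -> offset where it was first written

    def name(self, dotted):
        labels = [l for l in dotted.lower().split('.') if l]
        while labels:
            suffix = '.'.join(labels)
            if suffix in self.seen:                  # suffix already present: 2-byte pointer
                self.buf += struct.pack('!H', 0xC000 | self.seen[suffix])
                return
            if len(self.buf) < 0x4000:               # pointers only reach 14-bit offsets
                self.seen[suffix] = len(self.buf)
            label = labels.pop(0).encode('ascii')
            self.buf.append(len(label))
            self.buf += label
        self.buf.append(0)                           # root label terminates the name

    def header(self, qdcount, ancount, nscount, arcount):
        # id 0x1234, flags = QR | AA (an authoritative response)
        self.buf += struct.pack('!HHHHHH', 0x1234, 0x8400, qdcount, ancount, nscount, arcount)

    def question(self, qname, qtype):
        self.name(qname)
        self.buf += struct.pack('!HH', qtype, 1)     # class IN

    def rr(self, owner, rtype, rdata=b'', rdata_name=None, ttl=3600):
        self.name(owner)
        self.buf += struct.pack('!HHI', rtype, 1, ttl)
        rdlen_at = len(self.buf)
        self.buf += b'\x00\x00'                      # RDLENGTH, patched once rdata is written
        if rdata_name is not None:
            self.name(rdata_name)                    # NS rdata is a compressible domain name
        self.buf += rdata
        struct.pack_into('!H', self.buf, rdlen_at, len(self.buf) - rdlen_at - 2)

    def __len__(self):
        return len(self.buf)


def key_rdata():
    # assumed layout: 2 flag bytes, protocol, algorithm, then the raw 1024-bit public key
    return b'\x00\x00\x03\x01' + b'\x11' * RSA_1024_BYTES


def sig_rdata(signer):
    # assumed layout: 18 bytes of fixed fields, uncompressed signer name, 128-byte RSA signature
    w = DnsWire()
    w.name(signer)
    return b'\x00' * 18 + bytes(w.buf) + b'\x22' * RSA_1024_BYTES


def referral_size(zone, servers, with_keys):
    """Bytes in a referral: NS answer + A glue, optionally a KEY RR per glue server."""
    w = DnsWire()
    w.header(1, len(servers), 0, len(servers) * (2 if with_keys else 1))
    w.question(zone, TYPE_NS)
    for ns, _ in servers:
        w.rr(zone, TYPE_NS, rdata_name=ns)
    for ns, ip in servers:
        w.rr(ns, TYPE_A, rdata=bytes(ip))
    if with_keys:
        for ns, _ in servers:
            w.rr(ns, TYPE_KEY, rdata=key_rdata())
    return len(w)


def host_key_size(host, zone):
    """Bytes in a signed answer carrying one host's key: KEY RR plus the zone's SIG over it."""
    w = DnsWire()
    w.header(1, 2, 0, 0)
    w.question(host, TYPE_KEY)
    w.rr(host, TYPE_KEY, rdata=key_rdata())
    w.rr(host, TYPE_SIG, rdata=sig_rdata(zone))
    return len(w)


def fits_in_udp(size):
    return size <= MAX_UDP_PAYLOAD


# constructed sample delegation: three in-zone name servers with glue (the "quite common" case)
SERVERS = [("ns1.example.", (192, 0, 2, 1)),
           ("ns2.example.", (192, 0, 2, 2)),
           ("ns3.example.", (192, 0, 2, 3))]

if __name__ == "__main__":
    for label, size in [("single signed host key", host_key_size("host.example.", "example.")),
                        ("referral, 3 servers, no keys", referral_size("example.", SERVERS, False)),
                        ("referral, 3 servers, with keys", referral_size("example.", SERVERS, True))]:
        print(f"{label:32s} {size:4d} bytes  fits in UDP: {fits_in_udp(size)}")
```

The single-key answer comes to 341 bytes even with a signature, which is Atkinson's point; the same delegation that is 127 bytes without keys grows to 559 bytes once a 132-byte key record rides along with each of the three glue addresses, which is Ohta's. Real records would be somewhat larger than this model (an RSA exponent, a signer name in every signature, one SIG per key), so the overrun is if anything understated.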