
Re: DNSSEC for IPSEC?



> I have some questions I am asking myself with regard to
> using DNS to aid IPSEC. Are they valid? I dunno, but here
> they are. What do you think?

We should probably limit this form of traffic on the list.  People
with specific questions of the "I don't know but..." variety should
send them directly to me.  People with issues or questions of the 
"I've read the spec and thought about it and..." variety should
send them to the whole list.

> * I am not confident of the security of the root servers.
>   What is the effect of root server key compromise or
>   the server itself?

Signing of DNS records is designed to be performed offline.  The input
to signing is an ASCII zone file and a private key; the signing
results in a new ASCII zone file, which includes the original DNS
records, plus SIG records interspersed throughout.

If one of the root zone's servers (there are half a dozen) is
compromised, there is no issue.  It will not be able to present
authenticated bogus information, since the root zone's private key is
held offline.

If the root zone's key becomes known, those who have it can
authentically create new top-level domains, or authentically sign new
keys for existing top-level domains such as COM.

However, the attackers would not have COM's private key.  They could
only make a new one up, and sign that.  They could not authenticate a
new key for e.g. SUN.COM, without faking up an entire new COM domain,
with new signatures on every entry.  This would likely lead to detection.

There is a trickiness possible here; if the DNSSEC validation
algorithm permits the use of a key for e.g. SUN.COM that is signed
directly by the root, despite the existence of a level of delegation
in the middle (COM), a root key compromise allows for more mischief.
The holder of the root key could sign new bogus keys or other records
at any level of the hierarchy.  I expect that as a result the
algorithm will disallow such "shortcut" validation.

> * I believe that, for DNS records to be trustworthy, all
>   zones from the source zone to the root must be verifiable. What
>   is the likelihood that will happen anytime soon? What is
>   "soon"?

There are two parts of the answer.  First, within organizations,
verification need not go all the way to the root, just to the common
ancestor of the communicating parties.  yyy.tokyo.sun.com need not trust
the root or COM when checking keys for zzz.scotland.sun.com, if it has
been configured to know sun.com's public key in a config file.  This will
be useful in intranets and in bootstrapping the Internet.  The use of
"upward key signatures" can also make this easier to administer.

I have spoken with representatives of most of the major NICs at IETF,
as well as with Jon Postel who runs the root zone.  They all indicated
a willingness to sign records for their customers as soon as the
software to do so was available.  They, too, are interested in securing
the infrastructure that they are paid to maintain :-).

I believe that most high level zones will have keys and offer
signatures before the end of this year.

	John Gilmore
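The two validation points made in the reply above (a resolver may stop at a configured trust anchor such as sun.com instead of walking to the root, and a validator should refuse a key for SUN.COM signed directly by the root because that "shortcut" skips the COM delegation) as a small Python model. This is an added example, not code from the original message or from any DNSSEC implementation; the HMAC-based "signature", the zone names, the key bytes and the record layout are all constructed stand-ins for the real asymmetric SIG/KEY records.

```python
"""Toy DNSSEC-style chain-of-trust walk (added example, not from the original post)."""
import hashlib
import hmac


# Constructed stand-in for a public-key signature: an HMAC keyed with the
# zone's key.  Real DNSSEC uses asymmetric keys; only the chain-walking
# logic is the point here, not the primitive.
def sign(zone_key: bytes, data: bytes) -> bytes:
    return hmac.new(zone_key, data, hashlib.sha256).digest()


def verify(zone_key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(zone_key, data), sig)


def parent_of(name: str) -> str:
    """Immediate delegating parent: 'sun.com' -> 'com', 'com' -> '.'."""
    if name == ".":
        raise ValueError("root has no parent")
    _, _, rest = name.partition(".")
    return rest or "."


def make_key_record(owner: str, key: bytes, signer: str, signer_key: bytes) -> dict:
    """KEY record for `owner` plus a SIG over it produced by `signer`."""
    data = f"{owner} KEY ".encode() + key
    return {"owner": owner, "key": key, "signer": signer, "sig": sign(signer_key, data)}


def validate_key(name: str, records: dict, trust_anchors: dict) -> bool:
    """Walk from `name` up to a configured trust anchor, one delegation at a time.

    Returns True only if every link is signed by the immediate parent zone.
    """
    if name in trust_anchors:
        return True  # start of trust: the root, or sun.com on an intranet
    rec = records.get(name)
    if rec is None:
        return False  # no KEY record published for this zone
    # Reject "shortcut" signatures: the signer must be the delegating parent,
    # not a higher ancestor (e.g. the root signing sun.com directly).
    if rec["signer"] != parent_of(name):
        return False
    # The signer's key is either a configured anchor or comes from the
    # signer's own KEY record, which must itself validate further up.
    if rec["signer"] in trust_anchors:
        signer_key = trust_anchors[rec["signer"]]
    else:
        if not validate_key(rec["signer"], records, trust_anchors):
            return False
        signer_key = records[rec["signer"]]["key"]
    data = f"{name} KEY ".encode() + rec["key"]
    return verify(signer_key, data, rec["sig"])


# Constructed keys for an honestly run hierarchy.
KEYS = {".": b"root-secret", "com": b"com-secret",
        "sun.com": b"sun-secret", "scotland.sun.com": b"scotland-secret"}


def honest_records() -> dict:
    recs = {}
    for zone in ("com", "sun.com", "scotland.sun.com"):
        p = parent_of(zone)
        recs[zone] = make_key_record(zone, KEYS[zone], p, KEYS[p])
    return recs


def demo() -> dict:
    recs = honest_records()
    root_anchor = {".": KEYS["."]}
    results = {}
    # 1. Full chain scotland.sun.com -> sun.com -> com -> root.
    results["honest_chain"] = validate_key("scotland.sun.com", recs, root_anchor)
    # 2. Intranet: sun.com is the anchor, so root and COM are never consulted
    #    (COM's record is deliberately missing here to prove that).
    intranet = {k: v for k, v in recs.items() if k != "com"}
    results["intranet_anchor"] = validate_key(
        "scotland.sun.com", intranet, {"sun.com": KEYS["sun.com"]})
    # 3. A compromised root key signs a bogus sun.com key directly: rejected,
    #    because the signer is "." rather than the delegating parent "com".
    shortcut = dict(recs)
    shortcut["sun.com"] = make_key_record("sun.com", b"bogus-sun", ".", KEYS["."])
    results["root_shortcut_rejected"] = validate_key("sun.com", shortcut, root_anchor)
    # 4. The same root key used to re-sign an entire replacement COM zone does
    #    validate; this is the case the post says must be caught by noticing
    #    the changed COM key, not by the chain check itself.
    fake_com = b"bogus-com"
    resigned = dict(recs)
    resigned["com"] = make_key_record("com", fake_com, ".", KEYS["."])
    resigned["sun.com"] = make_key_record("sun.com", b"bogus-sun", "com", fake_com)
    results["whole_com_resigned"] = validate_key("sun.com", resigned, root_anchor)
    # 5. A record altered in transit without any private key: SIG mismatch.
    tampered = dict(recs)
    tampered["scotland.sun.com"] = dict(recs["scotland.sun.com"], key=b"tampered")
    results["tampered_key_rejected"] = validate_key("scotland.sun.com", tampered, root_anchor)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```

Case 4 is the one worth dwelling on: a validator that only checks signatures cannot distinguish a re-signed COM from the real one, which is why the post expects the key-holder's detection to come from the sheer visibility of a wholesale re-signing rather than from the algorithm; the shortcut rule in case 3 is what confines a root compromise to that noisy path.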

