
Re: DNSSEC for IPSEC?



Dennis,

> The servers that serve . also serve EDU -- the disconnect
> between them is a logical one, not a physical one. A
> compromise of either is a compromise of both (as well as
> COM).

But this doesn't change what I said.  To forge MIT.EDU you need to
either fool EDU or forge EDU.  To forge EDU you need to either fool or
forge ".".  The fact that "." and EDU are physically the same just
makes an attack against one an attack against them all.

> The EDU zone could sign a key for the MIT.EDU subzone
> and return glue data that isn't addressed to MIT.EDU but
> to an impostor. If the resolver knew MIT's key then the
> impostor would have a problem; however, I suspect
> resolvers will commonly trust the key from the
> super zone. Once an impostor is introduced into the
> path, duplicating a hierarchy is just work.

Let's assume that EDU wasn't broken, so it signed the real MIT.EDU
subzone key.  Even if the glue points off to an imposter, the imposter
can't sign the data in the DNS since it doesn't have the MIT.EDU key.
So a client knows that it was sent to an imposter.

Now, if the imposter signs its data, the key used to sign the data
won't match the key signed by EDU.  Again, a client knows that it is
an imposter.

The only way for a client to believe the DNS data from the imposter is
if the imposter's key is signed by EDU, which requires a break of
EDU's key.  A break of EDU's key, in turn, requires a break of the root
key, which is supposedly hard-coded into the client already.

Sure, "." and EDU are on the same machine, but you have to break into
the machine that holds the key in order to exploit it.  In that case,
the assumptions upon which DNSSEC was built are no longer valid.  The
assumption is that you cannot break the root key, and that each
subdomain key is kept "secure".

Fine, you can go factor the RSA key and start signing things.  But
that isn't an interesting attack against the protocol.  Sure, you can
break into the server and steal the key, but again that isn't an
interesting attack against the protocol.

-derek
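
An added example, not part of the original message: a small model of the chain-of-trust check discussed above, run against the impostor cases the message walks through. It assumes toy textbook RSA over small Mersenne primes (insecure, for illustration only), and the record data, addresses and function names are constructed for this sketch.

```python
import hashlib

E = 65537

def keypair(a, b):
    # Toy textbook RSA over the Mersenne primes 2**a-1 and 2**b-1 (not secure).
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return sig is not None and pow(sig, pub[1], pub[0]) == digest(data, pub[0])

def kb(pub):
    # Serialise a public key so that a parent zone can sign it.
    return f"{pub[0]}:{pub[1]}".encode()

def validate(anchor, chain, data, sig):
    """Walk (zone_key, parent_signature) pairs down from the trusted root key."""
    parent = anchor
    for zone_key, parent_sig in chain:
        if not verify(parent, kb(zone_key), parent_sig):
            return "bogus: zone key not signed by parent"
        parent = zone_key
    return "secure" if verify(parent, data, sig) else "bogus: data fails zone key"

def scenarios():
    root, root_priv = keypair(19, 31)   # root key, hard-coded in the client
    edu, edu_priv = keypair(61, 127)
    mit, mit_priv = keypair(89, 107)
    evil, evil_priv = keypair(13, 17)   # impostor reached through bad glue
    good_chain = [(edu, sign(root_priv, kb(edu))), (mit, sign(edu_priv, kb(mit)))]
    self_signed = [good_chain[0], (evil, sign(evil_priv, kb(evil)))]
    broken_edu = [good_chain[0], (evil, sign(edu_priv, kb(evil)))]
    real, fake = b"www.mit.edu A 192.0.2.10", b"www.mit.edu A 203.0.113.66"
    return {
        "genuine": validate(root, good_chain, real, sign(mit_priv, real)),
        "impostor_unsigned": validate(root, good_chain, fake, None),
        "impostor_own_key": validate(root, good_chain, fake, sign(evil_priv, fake)),
        "impostor_swaps_key": validate(root, self_signed, fake, sign(evil_priv, fake)),
        "edu_key_broken": validate(root, broken_edu, fake, sign(evil_priv, fake)),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:20} {verdict}")
```

Only the last case validates the impostor's data, and it needs a signature made with EDU's private key, which is the assumption the message says the protocol rests on.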

