[110433] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jan 5 16:09:45 2009
Date: Tue, 06 Jan 2009 06:09:34 +0900
From: Randy Bush <randy@psg.com>
To: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <8A9328FD-EEAB-4CCB-A073-0775D71BFB2E@hopcount.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>, Joe Greco <jgreco@ns.sol.net>
Errors-To: nanog-bounces@nanog.org
On 09.01.06 05:59, Joe Abley wrote:
>> perhaps i am a bit slow. but could someone explain to me how trust in
>> dns data transfers to trust in an http partner and other uses to which
>> ssl is put?
>
> If I can get secure answers to "www.bank.example IN CERT?" and
> "www.bank.example IN A?" then perhaps when I connect to
> www.bank.example:443 I can decide to trust the certificate presented by
> the server based on the trust anchor I extracted from the DNS, rather
> than whatever trust anchors were bundled with my browser.
>
> That presumably would mean that the organisation responsible for
> bank.example could run their own CA and publish their own trust anchor,
> without having to buy that service from one of the traditional CA
> companies.
>
> No doubt there is more to it than that. I don't know anything much about
> X.509.
x.509 is not the issue. it is your assumption that dns trust is
formally transferrable to ssl/tls cert trust.
to use your example, the contractor who serves dns for www.bank.example
could insert a cert and then fake the web site having (a child of) that
cert. whereas, if the site had its cert a descendant of the ca for all
banks, this attack would fail.
and i am not interested in quibbling about banks and who issues root
cas. the point is that there are two different trust models here, and
trust is not transitive.
but then again, i have not even had coffee yet this morning.
randy
