[110466] in North American Network Operators' Group
DNSSEC vs. X509 (Re: Security team successfully cracks SSL...)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jan 6 00:33:50 2009
To: nanog@merit.edu
From: Paul Vixie <vixie@isc.org>
Date: Tue, 06 Jan 2009 05:32:36 +0000
In-Reply-To: <443E4CB9-B788-4D59-9139-1F44324EFA0C@hopcount.ca> (Joe Abley's
message of "Mon\, 5 Jan 2009 15\:39\:37 -0500")
Errors-To: nanog-bounces@nanog.org
Joe Abley <jabley@hopcount.ca> writes:
> On 2009-01-05, at 15:18, Jason Uhlenkott wrote:
>
>> If we had DNSSEC, we could do away with SSL CAs entirely. The owner
>> of each domain or host could publish a self-signed cert in a TXT RR,
>
> ... or even in a CERT RR, as I heard various clever people talking about
> in some virtual hallway the other day.
> <http://www.isi.edu/in-notes/rfc2538.txt>.
i wasn't clever but i was in that hallway. it's more complicated than
RFC 2538, but there does seem to be a way forward involving SSL/TLS (to
get channel encryption) but where a self-signed key could be verified
using a CERT RR (to get endpoint identity authentication). the attacks
recently have been against MD5 (used by some X.509 CA's) and against an
X.509 CA's identity verification methods (used at certificate granting
time). no recent attack has shaken my confidence in SSL/TLS negotiation
or encryption, but frankly i'm a little worried about nondeployability
of X.509 now that i see what the CA's are doing operationally when they
start to feel margin pressure and need to keep volume up + costs down.
i don't have a specific proposal. (yet.) but i'm investigating, and i
recommend others do likewise.
--
Paul Vixie
