Hacker News new | ask | show | jobs
by sarciszewski 3875 days ago
Wouldn't that require a nation state to:

1. Get a signed CA certificate for your domain at gun-point.

2. Send a forged DNSSEC record?

In which case, it's not significantly worse than the current state? And even though we can't burn a TLD, we can burn the CA that signed the certificate in the first place?

Or is there some magic in DANE that subverts CA verification?
1 comments
tptacek 3875 days ago
I don't understand your question. If the government can't subvert CAs, DNSSEC is pointless; let's all just rely on the CAs. It can subvert them. Now, what problem is DNSSEC solving?
link
sarciszewski 3875 days ago
I'm just trying to understand this attack that you implied.
link
tptacek 3875 days ago
Yes: assume one of the thousands of CAs you trust has been compromised by NSA.
link
sarciszewski 3875 days ago
Okay, so this is what happens:

1. Evil NSA compromises CA in BFE

2. Evil NSA subverts DNSSEC for COM to publish a bad CA certificate

3. Some combination of Google Certificate Transparency + HPKP discovers this, the CA in BFE gets removed from browsers

If your point is "DNSSEC is pointless", OK. But it sounds like you're saying it makes us less secure. I'm just trying to figure out how that could even be.

link
rajivm 3875 days ago
I'm not sure why your question is being side-stepped, I also had the same wonder. It seems from reading though that the reason this is a problem is CAs are not involved at all in the DANE/TLS scenario. Instead, the X.509 cert. stored in DNS is trusted for TLS purposes simply because it is DNSSEC signed rather than CA issued. However, it seems at this time, no mainstream browser actually supports this natively (some have released plugins).

What I (and you) seem to have assumed was that this was DNS based certificate pinning, which to me would have made a lot of sense.

link
sarciszewski 3875 days ago
> Instead, the X.509 cert. stored in DNS is trusted for TLS purposes simply because it is DNSSEC signed rather than CA issued.

And I would see that as a huge mistake. Requiring two layers of verification (DNSSEC + separate CA) is what had I assumed DNSSEC would do.

Would that stop the NSA? Probably not, but the person who broke DigiNotar wasn't exactly NSA.

link
tptacek 3875 days ago
I feel like I can't answer this without repeating this post:

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

... or its FAQ.

link