Hacker News new | ask | show | jobs
by tptacek 3875 days ago
No. (a) is wrong.

The difference between DNSSEC's government-controlled super CA and a normal TLS CA is that when Google spots a normal TLS CA misbehaving because of an alert from a broken pin or CT log, it can shitcan the CA, either evicting it from the trust store or placing onerous restrictions on it. Both of these things have happened and will keep happening.

Google cannot do that to .COM or .IO. If the government-controlled super-CA that runs .COM misbehaves, we have no recourse.

DNSSEC essentially takes the worst feature of the HTTPS trust model and bakes it permanently into the core fabric of the Internet.
2 comments
throwaway2048 3875 days ago
reposting a comment:

What do you think would happen under a DNSSEC-DANE TLS world if that started being detected via key pinning/CT ?

There is just no way the NSA is going to risk it except in very very specific circumstances they can easily control, (exactly the same situation as HPKP) because, they too will be forever burned just like an ssl CA would, except now they cant just switch to one of hundreds of other CAs, they have burned the root keys to a tld. This will be obvious, this will be screamed about from the rooftops, the key will be rotated + a ton greater scrutiny applied to the process.

Its not like browsers and other people pinning certs are just going to shrug their shoulders and say "aw shucks, i guess we wont worry about it"

link
hueving 3875 days ago
And how exactly do you think rotating a TLD key will help if it's obvious that TLD will just give the new key to the NSA anyway?
link
throwaway2048 3875 days ago
the same way it can help in the case of the CA, parties like Google will set strict standards + see them compiled with or DANE etc will be ignored from the suspect TLDs.
link
tptacek 3875 days ago
What does it mean to "set strict standards" on .COM? Google can eliminate whole CAs, or scope them down to only a subset of names. It can't do that with .COM.
link
throwaway2048 3874 days ago
it can however refuse to allow DANE to be used on .COM/other TLDs + apply immense political pressure.
link
tptacek 3874 days ago
If you're not going to allow DANE on .COM, what's the point?
link
aianus 3875 days ago
> it can shitcan the CA, either evicting it from the trust store or placing onerous restrictions on it

None of which prevents it from happening again with another one of the 300 CAs whenever another government gets antsy.

> If the government-controlled super-CA that runs .COM misbehaves, we have no recourse.

As a westerner I trust the super-CA that runs .COM 1000x more than some random CA in China or Iran or whatever. But even that's beside the point. If they abused their trust (which would be caught by CT) the whole system would collapse because, like you said, you can't shitcan .COM. Everyone would move to keypinning and/or a decentralized blockchain-based DNS solution and we would gain real security.

link
tptacek 3875 days ago
One thing I love about DNSSEC threads is that I get to join the anti-NSA faction on HN. Unlike you, I do not trust the giant corporation that controls .COM under charter from the US Government.

The USG has repeatedly abused its trust, often directly with respect to .COM. The Internet has not fled .COM.

The idea that we would deploy a forklift upgrade of a core protocol, at immense expense (look at Cloudflare's own marketing material!), ostensibly to improve security but in reality to put ourselves in the position of "fleeing .COM IF the US Government abuses it trust", boggles my mind.

The problem DNSSEC purports to solve is not cryptographically hard. DNSSEC made it hard because it was designed in 1995, at a time when designers felt it would be implausible for DNS servers to sign records.

We are talking about deploying this fiasco of a protocol with all its compromises purely because of the momentum of a 21+ year long standardization effort. Once we deploy it, any notion of solving the problem correctly dies. That's a terrible, terrible mistake.

link
jessaustin 3875 days ago
Once we deploy it, any notion of solving the problem correctly dies.

This seems to be the nut of the disagreement. Why do you expect that to be the case? Will good people like Marlinspike decide to just hang it up and throw in the towel now that CloudFlare have rolled out another service? Will CloudFlare themselves decide this is the last new security measure that anyone would ever want?

So far I have seen no technical reason why DNSSEC inhibits development of possibly more worthy security techniques. Sociological arguments are less convincing.

link
tptacek 3875 days ago
I don't know. Why don't you ask Moxie Marlinspike, who frequently comments on HN, what he thinks of DNSSEC?
link
jessaustin 3875 days ago
His comments are noted. They don't seem to include, "we're shutting down Convergence and Tack now that CloudFlare have rolled out DNSSEC."

Can you cite a technical reason why DNSSEC inhibits development of possibly more worthy security techniques?

link
tptacek 3875 days ago
That's not really my argument.

DNSSEC will kill any meaningful future work in DNS security, but like I keep saying, I'm not anti-DNSSEC because I'm pro-DNSCurve; I just think DNS security is a stupid problem. Draw a layer diagram of TCP/IP up through HTTPS. Somewhere on that diagram you have to draw a line and say "below this line we're not going to attempt cryptographic security". That's not a new insight; it's basically the core argument of Saltzer-Reed-Clark, the foundational design paper for the Internet.

I tried to keep my issues with DNSSEC terse and clean here:

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

They are:

* It doesn't solve an important problem.

* It does create a new government-controlled PKI, which some people will depend on, to the detriment of safety and privacy.

* It's a cryptographically weak protocol designed by 90s-non-cryptographers.

* It breaks applications, as 'peterwwillis has been pointing out here for days.

* It's so expensive to deploy that Cloudflare is the biggest news to happen to it in 21 years.

* It doesn't protect browser lookups.

* It doesn't encrypt DNS requests and, in fact, actually forces sites to reveal more about their hosts than normal DNS does.

* Like I said up top, it's architecturally incoherent in a way that the End to End paper actually used as its motivating example all the way back in 1981.

I have spent a lot of time over the past 10 years arguing with people about DNSSEC. I'm not just making random stuff up in HN threads about this. You're probably not going to "gotcha" me on any of this.

link
dsl 3875 days ago
I used to work in DNS security. DNSSEC is a really bad idea. It blocked us from doing really innovative work that would have protected people.

Lots of really smart folks like tptacek and djb oppose it too. But even we can't stand in the way of millions in NSF dollars and a mission statement.

link