[tptacek]

One thing I love about DNSSEC threads is that I get to join the anti-NSA faction on HN. Unlike you, I do not trust the giant corporation that controls .COM under charter from the US Government.

The USG has repeatedly abused its trust, often directly with respect to .COM. The Internet has not fled .COM.

The idea that we would deploy a forklift upgrade of a core protocol, at immense expense (look at Cloudflare's own marketing material!), ostensibly to improve security but in reality to put ourselves in the position of "fleeing .COM IF the US Government abuses it trust", boggles my mind.

The problem DNSSEC purports to solve is not cryptographically hard. DNSSEC made it hard because it was designed in 1995, at a time when designers felt it would be implausible for DNS servers to sign records.

We are talking about deploying this fiasco of a protocol with all its compromises purely because of the momentum of a 21+ year long standardization effort. Once we deploy it, any notion of solving the problem correctly dies. That's a terrible, terrible mistake.

[jessaustin]

Once we deploy it, any notion of solving the problem correctly dies.

This seems to be the nut of the disagreement. Why do you expect that to be the case? Will good people like Marlinspike decide to just hang it up and throw in the towel now that CloudFlare have rolled out another service? Will CloudFlare themselves decide this is the last new security measure that anyone would ever want?

So far I have seen no technical reason why DNSSEC inhibits development of possibly more worthy security techniques. Sociological arguments are less convincing.

[tptacek]

I don't know. Why don't you ask Moxie Marlinspike, who frequently comments on HN, what he thinks of DNSSEC?

[jessaustin]

His comments are noted. They don't seem to include, "we're shutting down Convergence and Tack now that CloudFlare have rolled out DNSSEC."

Can you cite a technical reason why DNSSEC inhibits development of possibly more worthy security techniques?

[tptacek]

That's not really my argument.

DNSSEC will kill any meaningful future work in DNS security, but like I keep saying, I'm not anti-DNSSEC because I'm pro-DNSCurve; I just think DNS security is a stupid problem. Draw a layer diagram of TCP/IP up through HTTPS. Somewhere on that diagram you have to draw a line and say "below this line we're not going to attempt cryptographic security". That's not a new insight; it's basically the core argument of Saltzer-Reed-Clark, the foundational design paper for the Internet.

I tried to keep my issues with DNSSEC terse and clean here:

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

They are:

* It doesn't solve an important problem.

* It does create a new government-controlled PKI, which some people will depend on, to the detriment of safety and privacy.

* It's a cryptographically weak protocol designed by 90s-non-cryptographers.

* It breaks applications, as 'peterwwillis has been pointing out here for days.

* It's so expensive to deploy that Cloudflare is the biggest news to happen to it in 21 years.

* It doesn't protect browser lookups.

* It doesn't encrypt DNS requests and, in fact, actually forces sites to reveal more about their hosts than normal DNS does.

* Like I said up top, it's architecturally incoherent in a way that the End to End paper actually used as its motivating example all the way back in 1981.

I have spent a lot of time over the past 10 years arguing with people about DNSSEC. I'm not just making random stuff up in HN threads about this. You're probably not going to "gotcha" me on any of this.

[jessaustin]

Without the proposition "Once we deploy it, any notion of solving the problem correctly dies", which you seem to repudiate here, much of the sound and fury on HN in recent days would evaporate.

People doing dumb shit on the internet is typically not a problem for me, so while the end-to-end argument suffices to dismiss DNSSEC as worthy of investigation, I remain confused by all the attention drawn to this. If it's all a CloudFlare marketing stunt, has no one heard of the Streisand Effect? If it's all an NSA email-reading effort, why don't they just keep reading our email in the same fashion they already do? Confusing...

[tptacek]

I vigorously disagree that the "sound and fury" on HN is about DNSSEC sucking all the oxygen out of the DNS security problem. It is on its face a PKI that gives control over .COM keys to the NSA.

[dsl]

I used to work in DNS security. DNSSEC is a really bad idea. It blocked us from doing really innovative work that would have protected people.

Lots of really smart folks like tptacek and djb oppose it too. But even we can't stand in the way of millions in NSF dollars and a mission statement.

[tptacek]

I can give a specific example of that happening:

The "Kaminsky Attack" from 2008 was an extension of a well known attack from the late 1990s (Kaminsky's innovation was to combine the two best-known attacks from the 90s: request ID prediction and authority record poisoning).

When he announced it, Kaminsky's attack impacted BIND (the de facto standard server) but not djbdns. That's because djbdns randomized ports and request IDs, making the attack difficult (not impossible, but not practical). Djbdns started out randomized that way.

Back in the 1990s, when request ID attacks were first being demonstrated, it was suggested on NANOG that BIND randomize ports as well. IIRC, Vixie even claimed to have performance numbers for a "scoreboarding resolver" that used randomization. But he objected to the deployment of that software, because the "right" solution was DNSSEC.

(I was on NANOG at the time because I had written exploit code for both sets of problems).

Fast forward a decade and Kaminsky has "broken the Internet", forcing BIND to finally fully randomize (a countermeasure that more or less killed his attack). The irony is: Kaminsky's attack was seized on as a reason to deploy DNSSEC!