On Apr 25, 2009, at 5:56 AM, Holger Zuleger wrote:
Neither my Linux install nor my Mac OS X install supports TSIG
resolver queries out of the box. Probably because you'd have to
put the key in a publicly-readable file.
I worry that it's more complicated than that.
Plain HMAC-MD5 will not be a scalable solution. GSS-TSIG could help
here. But this has some other drawbacks, e.g. as a third party
authentication system, the client has to find the KDC first, and
will mostly use DNS for that. So at the end we run into a chicken
and egg problem.
But maybe I have overlooked something.
I think it's important to consider what's good enough. Right now,
for instance, we all use ssh professionally to get work done. How
many of us arrange to get the host key out of band? Probably close
to none. How often do we get hosed by MiTM attacks because of
this? It probably happens, but I haven't seen any evidence of it.
Why? Because the frequency of these events is so low. The MiTM has
to get the host key the *first time* you connect to a new host. So
maybe once every few years, for any given host. It's not a very
inviting target other than in cases of directed attacks, e.g.
corporate espionage.
While this ad-hoc key distribution mechanism isn't foolproof, it's
difficult to imagine how an off-path attacker could crack it. I
think something similar could be done for DNS resolvers with SIG(0).
Would it be completely secure? No. Would it be more secure than
what we have now? Possibly. My main concern would be that an
automated mechanism could be easily convinced to cache bad keys; any
proposal that worked this way would have to be designed to avoid that
pitfall.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
