Re: [ga] Progress of DNSSEC?: Can .gov trust .com?

[Matthew Pemble <matthew@xxxxxxxxxx>]

Jeff,

On 7 June 2010 22:19, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx> wrote:

>
> What
> bothers us is that some organizations have had DNSSEC implemented
> for some years now and uses much stronger domain keys that the
> NIST standard currently calls for simply because 256k is far
> too weak as 1024k has already been broken by the University of
> Michigan,



Do you mean this
paper<http://www.eecs.umich.edu/%7Etaustin/papers/DATE10-rsa.pdf>(Pellegrini,
Bertacco and Austin)? If not, would you please provide your
references.

I would hazard that if an attacker had physical access to the hardware of
your DNS Server, to the extent that they can copy the logic state and model
it on an FPGA, then you have rather more fundamental problems than practical
weaknesses in the use of general purpose computing hardware for
cryptographic purposes (hence, of course, the widespread use of HSMs / SCMs
in govt and finance applications.)

I would also point out that the UM attack will probably scale more-or-less
linearly with key length - as do many attacks against flawed hardware crypto
(as opposed to the geometrical scaling you would expect from a brute force
attack against a key), therefore simply using longer key lengths is not a
suitable prophylactic measure.


and as such the security that the current DNSSEC
> implimentation NIST set standard will from the beginning offer
> little protection for a ver short period of time accordingly.
>
>

One of the problems with standards implementations is that they generally
need to take account of compatibility issues, whereas wild condemnations
don't.

What is the threat model here? Are you demanding universally pristine
security? Are you trying to stop the (insert TLA of choice) spoofing your
DNS? Or just spammers and other fraudsters?

Matthew
-- 
Matthew Pemble
Technical Director, Idrach Ltd

Mobile: +44 (0) 7595 652175
Office: + 44 (0) 1324 820690