Re: [ga] Progress of DNSSEC?: Can .gov trust .com?

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Matthew, 
 
I would like to know: Do you think this DNSSEC process is being advanced in 
good faith?

Do you think that the parties are trying to advance something beneficial to the 
Internet or their own agendas??  (I am aware there is no black and white - but 
weighing the two?)
--- On Tue, 6/8/10, Matthew Pemble <matthew@xxxxxxxxxx> wrote:


From: Matthew Pemble <matthew@xxxxxxxxxx>
Subject: Re: [ga] Progress of DNSSEC?: Can .gov trust .com?
To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
Cc: ga@xxxxxxxxxxxxxx
Date: Tuesday, June 8, 2010, 12:08 AM


Jeff,


On 7 June 2010 22:19, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx> wrote:


What
bothers us is that some organizations have had DNSSEC implemented
for some years now and uses much stronger domain keys that the
NIST standard currently calls for simply because 256k is far
too weak as 1024k has already been broken by the University of
Michigan, 


Do you mean this paper (Pellegrini, Bertacco and Austin)? If not, would you 
please provide your references. 

I would hazard that if an attacker had physical access to the hardware of your 
DNS Server, to the extent that they can copy the logic state and model it on an 
FPGA, then you have rather more fundamental problems than practical weaknesses 
in the use of general purpose computing hardware for cryptographic purposes 
(hence, of course, the widespread use of HSMs / SCMs in govt and finance 
applications.)

I would also point out that the UM attack will probably scale more-or-less 
linearly with key length - as do many attacks against flawed hardware crypto 
(as opposed to the geometrical scaling you would expect from a brute force 
attack against a key), therefore simply using longer key lengths is not a 
suitable prophylactic measure.



and as such the security that the current DNSSEC
implimentation NIST set standard will from the beginning offer
little protection for a ver short period of time accordingly.



One of the problems with standards implementations is that they generally need 
to take account of compatibility issues, whereas wild condemnations don't.

What is the threat model here? Are you demanding universally pristine security? 
Are you trying to stop the (insert TLA of choice) spoofing your DNS? Or just 
spammers and other fraudsters?

Matthew
-- 
Matthew Pemble
Technical Director, Idrach Ltd

Mobile: +44 (0) 7595 652175
Office: + 44 (0) 1324 820690