| |
| ▲ | twelvedogs 6 hours ago | parent | next [-] | | The difference is DNS provides a fairly obvious up side | | |
| ▲ | gzread an hour ago | parent [-] | | Actually, does it? Yes, the obvious upside when I type in slack.com instead of 123.45.56.67 is very good. Does this same upside apply to addresses I don't type in? What's actually the advantage of addressing one of foobarcorp's infinitude of servers uasing the string "123-45-57-78.slp05.mus.foobar.com" instead of "123.45.57.78"? It seems to just waste bytes. And most communication is of the latter sort - an app talking to its own servers managed by the same company. |
| |
| ▲ | growse 7 hours ago | parent | prev [-] | | > As if DNS isn't a major contributing to A LOT of downtime. That doesn't mean it's not worth doing not investing in making deployment more seamless and less error prone. Ah yes. Let's take something that's prone to causing service issues and strap more footguns to it. It's not worth it, because the cost is extremely quantifiable and visible, whereas the benefits struggle to be coherent. | | |
| ▲ | indolering 6 hours ago | parent [-] | | The benefits are huge: there are lots of attacks that DNSSEC trivially prevents and it would help secure more than just web browsers. | | |
| ▲ | ekr____ 6 hours ago | parent [-] | | Can you expand on this a bit, under the assumption that the traffic is using some form of transport security (e.g., TLS, SSH, etc.)? | | |
| ▲ | indolering 4 hours ago | parent [-] | | DNS underlies domain authority and the validity of every connection to every domain name ultimately traces back to DNS records. The amount of infra needed to shore up HTTPS is huge and thus SSH and other protocols rely on trust-on-first-use (unless you manually hard-code public keys yourself - which doesn't happen). DNS offers a standard, delegable PKI that is available to all clients regardless of the transport protocol. With DNSSEC, a host with control over a domain's DNS records could use that to issue verifiable public keys without having to contact a third party. I ran into this while working on decentralized web technologies and building a parallel to WebPKI just wasn't feasible. Whereas we could totally feed clients DNSSEC validated certs, but it wasn't supported. | | |
| ▲ | ekr____ 4 hours ago | parent [-] | | Thanks for the explanation. It seems like there are two cases here: 1. Things that use TLS and hence the WebPKI
2. Other things. None of what you've written here applies to the TLS and WebPKI case, so I'm going to take it that you're not arguing that DNSSEC validation by clients provides a security improvement in that case. That leaves us with the non-WebPKI cases like SSH. I think you've got a somewhat stronger case there, but not much of one, because those cases can also basically go back to the WebPKI, either directly, by using WebPKI-based certificates, or indirectly, by hosting fingerprints on a Web server. | | |
| ▲ | tptacek 4 hours ago | parent | next [-] | | In practice, fleet operators run their own PKIs for SSH, so tying them to the DNSSEC PKI is a strict step backwards for SSH security. There may be other applications where a global public PKI makes sense; presumably those applications will be characterized by the need to make frequent introductions between unrelated parties, which is distinctly not an attribute of the SSH problem. | | |
| ▲ | indolering 4 hours ago | parent [-] | | And for everyone else that just wants to connect to an SSH session without having to setup PKI themselves? Tying that to the records used to find the domain seems like the obvious place to put that information to me! DNSSEC lets you delegate a subtree in the namespace to a given public key. You can hardcode your DNSSEC signing key for clients too. Don't get me started on how badly VPN PKI is handled.... | | |
| ▲ | tptacek 4 hours ago | parent [-] | | Yes, modern fleetwide SSH PKIs all do this; what you're describing is table stakes and doesn't involve anybody delegating any part of their security to a global PKI run by other organizations. The WebPKI and DNSSEC run global PKIs because they routinely introduce untrusting strangers to each other. That's precisely not the SSH problem. Anything you do to bring up a new physical (or virtual) involves installing trust anchors on it; if you're in that position already, it actually harms security to have it trust a global public PKI. The arguments for things like SSHFP and SSH-via-DNSSEC are really telling. It's like arguing that code signing certificates should be in the DNS PKI. | | |
| ▲ | indolering 3 hours ago | parent [-] | | DNSSEC PKI does not preclude one from hardcoding specific keys in the client as well. Providing global PKI and enabling end-to-end authentication by default for all clients and protocols certainly would make the internet a safer place. | | |
| ▲ | tptacek 3 hours ago | parent [-] | | So now we're running two PKIs? What does the second one do? Why not three? | | |
| ▲ | indolering 3 hours ago | parent [-] | | I would really appreciate it if you would respond to my points instead of just moving on to another argument. Do you hardcode Github and AWS keys in your SSH config? Do you think it would be beneficial to global security if that happened automatically? | | |
| ▲ | tptacek 3 hours ago | parent [-] | | No, we run a fleet with thousands of physicals and hundreds of thousands of virtuals, of course we don't hardcode keys in our SSH configuration. Like presumably every other large fleet operator, we solve this problem with an internal SSH CA. Further, I haven't "moved on to another argument". Can you answer the question I just asked? If I have an existing internal PKI for my fleet, what security value is a trust relationship with DNSSEC adding? Please try to be specific, because I'm having trouble coming up with any value at all. |
|
|
|
|
|
| |
| ▲ | indolering 4 hours ago | parent | prev [-] | | > None of what you've written here applies to the TLS and WebPKI case, so I'm going to take it that you're not arguing that DNSSEC validation by clients provides a security improvement in that case. It would benefit the likes of Wikileaks. You could do all the crypto in your basement with an HSM without involving anyone else. > That leaves us with the non-WebPKI cases like SSH. I think you've got a somewhat stronger case there, but not much of one, because those cases can also basically go back to the WebPKI, either directly, by using WebPKI-based certificates, or indirectly, by hosting fingerprints on a Web server. But do they? That requires adding support for another protocol. I would like to live in a world where I don't have to copy/paste SSH keys from an AWS console just to have the piece-of-mind that my SSH connection hasn't been hijacked. |
|
|
|
|
|
|
