Linked by Thom Holwerda on Mon 5th Sep 2011 22:26 UTC
Privacy, Security, Encryption So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisation within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.
Thread beginning with comment 488772
To view parent comment, click here.
To read all comments associated with this story, please click here.
Lennie
Member since:
2007-09-22

(as you liked informed posts, here some more ;-))

Well, DNSSEC isn't just new types, certain types belong with each other. Which are the signatures and the data and flags. Which changes how the basic protocol works. The signatures also make the packets larger, a lot of the times larger than the old DNS limit.

The operating system change is an extra API-call (or change) to allow an application to request signed-answers.

So the operating system will request signed answers from the nameservers. Obviously the nameservers need to be upgraded to understand it to respond with signed answers if available as well.

On this page there is a presentation "DNSSEC Support by Home Routers", which might give you an idea about what the problems are with DSL-routers:

http://ripe60.ripe.net/archives.php?day=thursday

This is the PDF:

http://ripe60.ripe.net/presentations/Dietrich-DNSSEC_Support_by_Hom...

Basicely they can't handle the DNSSEC flags, they don't have large DNS-UDP-packet-support and can't handle the fallback method: TCP. It pretty much was never needed for regular DNS.

As you may know many of these DSL-routers have their own DNS-server and that is what is communicated over DHCP to the hosts behind the DSL-router. So they use the DNS-server and that is usually the one that can't handle all this.
____

The root keys are both, in a locked machine called an 'HSM' which can be used for signing.

And for safety a copy of the key has been split up in 7 slightly overlapping parts and is kept by different people from around the world (Paul Kane (Great Britain) Dan Kaminsky (United States), Jiankang Yao (China), Moussa Guebre (Burkina Faso), Bevil Wooding (Trinidad and Tobago), Ondrej Sury (Czech Republic), Norm Ritchie (Canada)).

New keys are generated every few years, anyway have a look here:

http://www.root-dnssec.org/wp-content/uploads/2010/06/draft-icann-d...
http://www.root-dnssec.org/documentation/

It probably explains it better than I do. I just type what I think is right from memory. :-)

And the video and documentation of the Key-singing are here:

https://data.iana.org/ksk-ceremony/

__________

Anyway a possible solution might be to use Convergence:

http://www.youtube.com/watch?v=Z7Wl2FW2TcA
http://convergence.io/

This basis system is where the browser asks others on the Internet if they see the same certificate.

With Convergence however the browser can ask for other information as well. So DNSSEC could be one of the things it asks about.

Even when you are in a network or on an operating system that does not support DNSSEC.

Edited 2011-09-07 22:56 UTC

Reply Parent Score: 2

Alfman Member since:
2011-01-28

Lennie,

Wow, how did you hear about convergence?

The convergence website is unfortunately void of details. However the youtube clip seems to tackle everything we've talked about here... great find! Definitely a very interesting approach, and I am very impressed overall - it's a great look at the CS theory to see what's possible.

He says you can configure notaries to verify the CA signatures cryptographically as normal, but I'm honestly not sure what this mode buys us. What difference does it make whether the CA cert is validated in my browser or on a trusted notary server?

The concept which I find most novel is the "perspective verification", which verifies that my notaries are seeing the same (unverified) SSL certificate as myself. If I am the target of a middle man attack where the SSL certs in my traffic are forged, then the discrepancy would be detected with my notaries.

Hypothetically though, it could be pretty easy for a backbone provider or a country like china to do a man-in-the-middle such that all the notaries I have access to are compromised in the same way. This problem does not exist today with CA SSL.

Reply Parent Score: 2

Lennie Member since:
2007-09-22

Lennie,

Wow, how did you hear about convergence?


I don't remember, but I only looked into it recently. Thinking it was very similair to the Perspectives project: http://perspectives-project.org/

Which pretty much only handles the man-in-the-middle-attack.

He says you can configure notaries to verify the CA signatures cryptographically as normal, but I'm honestly not sure what this mode buys us. What difference does it make whether the CA cert is validated in my browser or on a trusted notary server?


I'm not sure what you meant about what he said.

But here are the basics about how it should work as I understand it:
- based on the idea of the Perspectives project the fight the MitM-attacks
- adds privacy by allowing connections to the notaries to be proxied
- adds trust agility. A way to realtime blacklist certificates, CA's.

I think he means you can have a second or third CA also vouch for a certificate. Maybe that was the part you meant ?

Anyway, there are a lot of different things a notary could check for which makes it very flexible.

Reply Parent Score: 2