undefined | Better HN

0 pointstptacek11y ago0 comments

Once again: you can foil domain validation with or without DNSSEC by downgrading SMTP.

Why bother with DNSSEC?

You also didn't address my ECC point upthread. Today, APNIC advises DNS administrators not to use the (crappy) P-256 ECDSA DNSSEC supports, because it breaks ~1/3rd of all resolvers. That's for the ECC variant DNSSEC actually "supports".

How exactly would you propose a rollout of Ed25519 (or equivalent) crypto in DNSSEC? Or, where is the flaw in my argument?

0 comments

nly11y ago

SMTP can be protected just as easily as HTTP.

Look, I'm not saying DNSSEC is perfect. I don't like it. I just don't see a practical alternative to solving downgrade attacks in the face of such a plethora of crappy Internet protocols.

tptacekOP11y ago

So what you're saying is DNSSEC isn't finished yet. They need to standardize some equivalent to HSTS that will actually work with browsers on real-world networks, and also some kind of record that prevents SMTP TLS downgrade.

When they do that, maybe I'll re-evaluate DNSSEC. In the meantime: the more people who deploy DNSSEC, the harder it gets to fix the broken crypto, so we should just stop.

nly11y ago

The DANE TLSA record already provides the complement to HPKP. The SRV record already provides a complement to HSTS, a convention just needs to be standardized. These HTTP header equivalents are providing a protocol-specific partial solution to a solved problem. This is much like HTTP/2 introduces a protocol specific solution to broader problems with TCP/IP. Nobody seems to care about solving problems thoroughly any more.

The choice of crappy ECC isn't really a technical problem, but a political one. The IETF are wrangling as we speak about the introduction of safe curves in to TLS. djb is lamenting the process.

Btw, I'm all for radical overhaul of the Internet stack, from TCP up, but history tells us radical changes struggle to see adoption. DNSSEC is here and it's easy to deploy (really, it is). It sucks, but it has momentum now and it isn't going away. Killing it without a political push behind a better full-stack solution is just a step backwards.

You're probably correct however in that adopting DNSSEC will reduce the chances of a better alternative making headway, just like adopting HTTP/2 is going to further reduce the chances of SCTP (or something better) adoption ever picking up.

1 more reply

j / k navigate · click thread line to collapse

0 pointstptacek11y ago0 comments

Once again: you can foil domain validation with or without DNSSEC by downgrading SMTP.

Why bother with DNSSEC?

How exactly would you propose a rollout of Ed25519 (or equivalent) crypto in DNSSEC? Or, where is the flaw in my argument?

0 comments

nly11y ago

SMTP can be protected just as easily as HTTP.

Look, I'm not saying DNSSEC is perfect. I don't like it. I just don't see a practical alternative to solving downgrade attacks in the face of such a plethora of crappy Internet protocols.

tptacekOP11y ago

When they do that, maybe I'll re-evaluate DNSSEC. In the meantime: the more people who deploy DNSSEC, the harder it gets to fix the broken crypto, so we should just stop.

nly11y ago

The choice of crappy ECC isn't really a technical problem, but a political one. The IETF are wrangling as we speak about the introduction of safe curves in to TLS. djb is lamenting the process.

1 more reply

j / k navigate · click thread line to collapse