undefined | Better HN

0 pointstptacek11y ago0 comments

First, I wasn't talking about HPKP, I was talking about HSTS. And TLSA is a complement to HPKP only if "the NSA and DOJ are allowed to override your pin" is an acceptable concession. It of course is not.

Second, there is no DNSSEC equivalent to HSTS. Saying that there could be one is not a very compelling argument. There could be a lot of things.

You're also wrong about the "technical" versus "political" nature of DNSSEC's ECC problem. The technical problem with DNSSEC ECC is that every additional DNSSEC resolver that gets deployed without a modern ECC signature record type makes it harder to roll out that record type in the future. Once again: even the (bad) ECC that DNSSEC already supports breaks fully 1/3rd of the DNSSEC installed base. No part of my argument involves Daniel Bernstein's opinion of the CFRG.

I'm not sure what the analog between HTTP/2 and SCTP is. SCTP is a transport protocol. It's something you'd run HTTP/2 on top of.

In any case: DNSSEC is shitty now, makes the Internet shittier, and actually has the interesting property of getting shittier the more people deploy it. Virtually nobody uses it. If DNSSEC stopped functioning today, no Fortune-500 company would notice. I'm mystified by this notion that we're past some "point of no return" with DNSSEC. We clearly are not.

0 comments

3 comments · 1 top-level

nly11y ago· 2 in thread

> Second, there is no DNSSEC equivalent to HSTS. Saying that there could be one is not a very compelling argument. There could be a lot of things.

Wrong, an SRV record for HTTPS already exists[0]. The problem is that the current recommendation is not to publish both "_https._tcp" and "_http._tcp", but to publish only the latter and let the client negotiate HTTPS using redirects and pinning. This recommendation is dumb as it doesn't solve the introduction mitm attack I originally described about 10 posts up. Browser vendors could make a statement on their SRV behaviour and agree to favour https if such a record exists.

> I'm not sure what the analog between HTTP/2 and SCTP is. SCTP is a transport protocol. It's something you'd run HTTP/2 on top of.

HTTP/2s primary achievement is to work around head-of-line blocking in TCP. SCTP already solved that problem. There is now less incentive to push HTTP/1.x streams over SCTP. The parallels are clear with DNSSEC and DNScurve. We have authentication now, it can be done (inefficiently) end-to-end. The added incentive of confidentiality weighed against the cost of a new round of redeployment isn't great. I think DNSSEC has already gone over the tipping point in the circles that ultimately matter.

> In any case: DNSSEC is shitty now, makes the Internet shittier, and actually has the interesting property of getting shittier the more people deploy it.

s~DNSSEC~HTTP/2~

> I'm mystified by this notion that we're past some "point of no return" with DNSSEC. We clearly are not.

I'm not hearing a coherent plan B from you or anyone else to solve these cross-protocol problems. HSTS and HPKP do not solve the problem of shitty CAs, DNSSEC opens to the door to a free alternative that, in the very least, means there are fewer entities we have to trust (hundreds -> a handful). HSTS and HPKP do not solve the introduction problem, DNSSEC adds some hope of helping there. What are your suggestions?

[0] http://dns-sd.org/ServiceTypes.html

tptacekOP11y ago

The existence of SRV records does not mean DNSSEC provides the same functionality as HSTS, and you yourself have already explained why. You're moving the goalposts. The argument you're rebutting is "it would be impossible to implement HSTS in DNSSEC". I didn't make that argument. My argument is: even if DNSSEC were widely deployed tomorrow, we would still need HSTS. I'm right about that.

Plan B is "do nothing". That would be a crazy plan if DNSSEC did something to solve the CA problem. It doesn't. It adds a 1483rd CA to the trust model that is heavily influenced by NSA.

Not one person has presented a coherent rebuttal to this point, despite virtually every DNSSEC proponent starting their response to my criticism "DNSSEC is not a government controlled PKI". Their arguments are all uniformly: "DNSSEC is not a government controlled PKI, except for the places like .COM and .IO, where that's exactly what it is".

nly11y ago

> My argument is: even if DNSSEC were widely deployed tomorrow, we would still need HSTS. I'm right about that.

You are, but my argument is, even if HSTS reaches 100% adoption, we still need something else.

> That would be a crazy plan if DNSSEC did something to solve the CA problem. It doesn't. It adds a 1483rd CA to the trust model that is heavily influenced by NSA.

It's naïve to think the NSA don't already have keys to a whole bunch of trusted CAs. The NSA are irrelevant to this discussion. When it comes to rogue CAs or system compromise however, having 1 CA to trust is better than X hundred. And, iirc, current browsers rightly ignore HSTS/HPKP for self-signed certs without an additional trust anchor (like DNS pinning).

Around and around we go, avoiding the key point. It's all about who you want to trust.

2 more replies

j / k navigate · click thread line to collapse