[Ach] filippo on SSL SMTP encryption

[Terje Elde]

Hi guys,

I've been lurking for a while, and figured I'd stick my neck out, and see what happens...

One thing I often see in security-discussions, is CAs and DNSSEC being discussed as two completely different - almost competing - beasts. In my opinion, that seems to quickly lead to underestimating some of the advantages of DNSSEC. 

For the sake of discussion, let me present the following argument (a bit simplified, but the point should be clear):

1. CA-validation is built on DNS, which is insecure. 

2. DNSSEC secures DNS, but only for competent users. 

3. Trustworthy CAs are competent users. 

4. Thus DNSSEC secures CA-validation. 

5. With more secure CA-validation, every user benefits, including those with no DNSSEC-support. 

6. Therefore DNSSEC can bring significant advantages to all users, even before widespread deployment of DNSSEC itself. 

Summed up; DNSSEC doesn't depend on widespread deployment to provide security gains. As long as you have deployed working DNSSEC - and the CAs use it - there are significant benefits. 


Taking a higher level look at things, you could divide deployment into phases:

Phase #1 - You deployed DNSSEC, nobody else cares. 

Even here, there are significant advatages. You could hardcode keys for your own domain to not rely on or depend on root-keys. 

Almost every ops or devops organisation I've been involved with have some kind of infrastructre-domain. A domain separate from the company-domain, mostly used for infrastructure. If you secure that with DNSSEC and add DANE/TLSA, as well as SSHFP-records, you've significantly boosted your internal security. Way too many admins get the habit of blindly accepting ssh-fingerprints, but you could automate the validation with DNSSEC/SSHFP, and have people actually be alert to issues. 

Phase #2 - You deployed DNSSEC, security-concious people start to care. 

See top-note about CAs. You'd also start seeing advatages elsewhere, but perhaps mostly for s2s-communication, https and smtp. 

Phase #3 - You deployed DNSSEC, it's starting to become a "thing"

ISPs might start deploying validating resolvers, which isn't as good as local validation, but a lot better than no validation. 

OS-vendors (Linux distros, perhaps even Apple and Mocrosoft?) might start thinking about having local caching resolvers validate by default. 

Adoption of DANE for SMTP might start to pick up, perhaps biggest boost for email-security yet. 

Phase #4 - Widespread deployment

Champaigne-drinking etc. 

And you get the advantages of no longer relying on just CAs, but have DNSSEC as well. For secure sites, you'd need to both break the CA-security, and DNSSEC-security as well, in order to spoof the server. 

What I really like here, is that the authentication-mechanisms are so differet. CAs will inspect things in a direction towards you (DNS, email, and so on) while DNSSEC is more of a "push" thing. You run and upload the keys. You can't simply use the same attacks (spoofed DNS to fake control over the domain to the CA), to compromise both paths. 
(Simplified, if you loose control over your registrar-account, some of the same attacks would apply). 


The core of the point I'm tryin to make are these two things:

A. DNSSEC and CAs are complementary, and CA-validation can benefit significantly from DNSSEC. 

B. Advantages of DNSSEC doesn't depend on widespread adoption of both DNSSEC and DANE, for HTTPS and/or SMTP. There are gains to be had from day one. 

As for the quality of DNSSEC vs. DNSCure etc, I'd rather see DNSSEC deployed, than wait forever for DNSCurve. You don't have to agree with me though. 

Terje Elde

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20150402/afa52dfa/attachment.html>