Re: BIND bugs of the month (spoofing secure Web sites?)

[peterw () USA NET (Peter W)]

At 1:14am Nov 13, 1999, D. J. Bernstein wrote:

> A sniffing attacker can easily forge responses to your DNS requests. He
> can steal your outgoing mail, for example, and intercept your ``secure''
> web transactions. This is obviously a problem.

If by secure web transactions, you mean https, SSL-protected, then, no
they can't. SSL-enabled HTTP uses public keys on the server side to verify
server identity. These keys are typically signed by a Certificate
Authority (Verisign, Thawte, etc.) and clients will not trust server keys
unless they have a valid, non-expired certificate from a known, trusted
CA. Even if the attackers monitored all your network communications, they
still would not have your web server's private key and its passphrase.

While DNS spoofs may be practical, impersonating an SSL-enabled Web server
requires considerably more than lying about IP addresses.

-Peter

> We know how to solve this problem with cryptographic techniques. DNSSEC
> has InterNIC digitally sign all DNS records, usually through a chain of
> intermediate authorities. Attackers can't forge the signatures.

> Of course, this system still allows InterNIC to steal your outgoing
> mail, and intercept your ``secure'' web transactions. We know how to
> solve this problem too. The solution is simpler and faster than DNSSEC,
> though it only works for long domain names: use cryptographic signature
> key hashes as domain names.