Re: New addresses for b.root-servers.net

[Matt Corallo <nanog () as397444 net>]

On 6/19/23 2:08 AM, Masataka Ohta wrote:
> Matt Corallo wrote:
>
> > > Both in theory and practice, DNSSEC is not secure end to
> > > end
> >
> > Indeed, but (a) there's active work in the IETF to change that (DNSSEC stapling to TLS certs)
>
> TLS? What? As was demonstrated by diginotar, PKI is NOT
> cryptographically secure and vulnerable to MitM attacks
> on intermediate intelligent entities of CAs.
>
> Note that diginotar was advertised to be operated
> with HSMs and four-eyes principle, which means
> both of them were proven to be untrustworthy
> marketing hypes.

Even more reason to do DNSSEC stapling! It avoids some of the CA issue (well, it would if you could 
make it required, I don't believe the current design is required, sadly).

> > and (b) that wasn't the point - the above post said "It’s not like you can really trust your 
> > packets going to B _today_ are going to and from the real B (or Bs)." which is exactly what DNSSEC 
> > protects against!
>
> As long as root key rollover is performed in time and
> intermediate zones such as ccTLDs are not compromised,
> maybe, which is why it is not very useful or secure.
>
> The following description
>
>      https://en.wikipedia.org/wiki/DigiNotar
>      Secondly, they issued certificates for the Dutch
>      government's PKIoverheid ("PKIgovernment") program.
>      This issuance was via two intermediate certificates,
>      each of which chained up to one of the two "Staat der
>      Nederlanden" root CAs. National and local Dutch
>      authorities and organisations offering services for the
>      government who want to use certificates for secure internet
>      communication can request such a certificate. Some of the
>      most-used electronic services offered by Dutch governments
>      used certificates from DigiNotar. Examples were the
>      authentication infrastructure DigiD and the central
>      car-registration organisation Netherlands Vehicle
>      Authority [nl] (RDW).
>
> makes it clear that entities operating ccTLDs may also
> be compromised.

This is totally unrelated to the question at hand. There wasn't a question about whether a user 
relying on trusted authorities can maybe be whacked by said trusted authorities (though there's been 
a ton of work in this space, most notably requiring CT these days), it was purely about whether we 
can rely on pure "I sent a packet to IP X, did it get to IP X", which *is* solved by DNSSEC.

I agree DNSSEC does not solve all issues with client security, but it doesn't have to, it *does* 
solve the issue of a BGP hijack against an authoritative DNS server being able to respond with 
whatever IPs it wants (and then get TLS certs because of it).

Matt