[dns-operations] Spoofing DNS with fragments
paul at redbarn.org
Tue Sep 11 21:26:40 UTC 2018
Viktor Dukhovni wrote:
> My domain has both DNSSEC and a CAA record that matches none of the
> public CAs, it'd be interesting to find out whether this is sufficient
> to help all of them to avoid issuing an unauthorized certificate.
i think what's interesting about this latest rendition of the
fragmentation attack (first told to me by florian in 2008 or so, and
independently rediscovered several times since then) is not that a proof
of concept was able to get someone to make a certificate for the
attacker using the victim's identity because dnssec was relied upon for
rather, it's that dnssec cannot be relied upon, after all. must we use
TSIG or TCP in order to actually trust the results of a dnssec lookup?
if so, then we're 23+ years into the securedns effort, and still nothing
to show for it except cost, complexity, and unreliability; and we'll
have to have another flag day after two more years of development. if
this is so, then the first thing we ought to do is, stop the KSK roll,
and the second thing we ought to do is, remove dnssec from the root zone
until a more secure design is available.
More information about the dns-operations