I find most of these arguments to be pretty weak TBH. From the first article:
> All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure.
This isn't strictly true. It's true that TLS makes DNS spoofing ineffective against end-users, but CAs still have to rely on domain validation to decide who to issue TLS certs to in the first place, and domain validation, in turn, relies on DNS lookups being secure.
> And governments control the DNS.
This is true, but that's an argument for not securing DNS, it's an argument for replacing DNS entirely. Governments control DNS regardless of whether or not DNSSEC is deployed.
> DNSSEC is Cryptographically Weak
No it isn't. Current implementations of DNSSEC are cryptographically weak, but DNSSEC itself is not. The solution to this is to deploy new, stronger keys (like Cloudflare is doing[1]), not to get rid of DNSSEC entirely.
> DNSSEC is Expensive To Adopt [..] DNSSEC is Expensive To Deploy
This is true of all security measure to some extent. TLS was expensive to adopt and deploy prior to the advent of free, automated CAs like Let's Encrypt. The solution to these problems is to build tools and systems which make DNSSEC easier to adopt and deploy, not to abandon it entirely.
-
The rest of the arguments on that page are reasonable criticisms of specific elements of DNSSEC's design (some of which could be improved by changes to DNSSEC's design or implementation), but I don't really see them as show-stoppers. If there were a better alternative to DNSSEC available I would find these arguments much more persuasive, but since the only alternative seems to be not securing DNS records at all any small design flaws seem pretty minor in comparison.
I love it when people bring up Cloud Flare's DNSSEC.
First, Cloud Flare's curve-based DNSSEC is itself already obsolete. New designs don't use the P-curves, which are difficult to implement safely, and they don't use DSA, which is also brittle and dangerous. For the last 10 years, the mainstream state of the art has been twist-secure curves like Curve25519 and Schnorr-type signature schemes like EdDSA.
But equally importantly: the overwhelming majority of new DNSSEC deployments today use RSA.
Modern cryptography is nowhere on the horizon for DNSSEC. A concerted industrywide effort to use a safer signature scheme wouldn't see widespread deployment before 2030.
I also read the first article, and that was also my impression. Given that these argumernts are very week, I have a hard time imagining someone campaigning against DNSSEC.
>> And governments control the DNS.
> This is true, but that's an argument for not securing DNS, it's an argument for replacing DNS entirely. Governments control DNS regardless of whether or not DNSSEC is deployed.
I particularly agree on that point. DNS should be replaced by something better at some point, likely based on pet names. However, I strictly prefer a government-controlled system over a corporate-controlled one.
DNSSEC improves over some of the shortcomings, but not all.
> All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure.
This is true, however we are still far from https everywhere, as browsers default to http. There are a few weaker arguments that can be made against this one.
The reliability hit is almost certainly the major reason, followed by the administrative hassle (you might be as surprised as I was, after joining Fly and writing about our certificate infrastructure, what a giant hassle TLS certificate management is to bigger companies --- and that's just TLS, which is simpler to manage than DNSSEC).
But against that you have to pit the marginal --- practically nonexistent --- security benefit you'd get from all the work you'd put in.
14 comments
[ 39.5 ms ] story [ 133 ms ] threadHonestly, CSO folks. If you want my e-mail, try a bit harder than two paragraphs of text and a popup. Yes, I'm your target audience.
It's opt-in at every registrar I've used, although it seems like a no-brainer to me? What am I missing?
As an aside, I like DoH, but dislike the fact that my web browsers then don't use /etc/hosts. Is there a way to provide it at the system level?
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
https://sockpuppet.org/stuff/dnssec-qa.html
https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...
> All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure.
This isn't strictly true. It's true that TLS makes DNS spoofing ineffective against end-users, but CAs still have to rely on domain validation to decide who to issue TLS certs to in the first place, and domain validation, in turn, relies on DNS lookups being secure.
> And governments control the DNS.
This is true, but that's an argument for not securing DNS, it's an argument for replacing DNS entirely. Governments control DNS regardless of whether or not DNSSEC is deployed.
> DNSSEC is Cryptographically Weak
No it isn't. Current implementations of DNSSEC are cryptographically weak, but DNSSEC itself is not. The solution to this is to deploy new, stronger keys (like Cloudflare is doing[1]), not to get rid of DNSSEC entirely.
> DNSSEC is Expensive To Adopt [..] DNSSEC is Expensive To Deploy
This is true of all security measure to some extent. TLS was expensive to adopt and deploy prior to the advent of free, automated CAs like Let's Encrypt. The solution to these problems is to build tools and systems which make DNSSEC easier to adopt and deploy, not to abandon it entirely.
-
The rest of the arguments on that page are reasonable criticisms of specific elements of DNSSEC's design (some of which could be improved by changes to DNSSEC's design or implementation), but I don't really see them as show-stoppers. If there were a better alternative to DNSSEC available I would find these arguments much more persuasive, but since the only alternative seems to be not securing DNS records at all any small design flaws seem pretty minor in comparison.
[1]: https://www.cloudflare.com/dns/dnssec/ecdsa-and-dnssec/
First, Cloud Flare's curve-based DNSSEC is itself already obsolete. New designs don't use the P-curves, which are difficult to implement safely, and they don't use DSA, which is also brittle and dangerous. For the last 10 years, the mainstream state of the art has been twist-secure curves like Curve25519 and Schnorr-type signature schemes like EdDSA.
But equally importantly: the overwhelming majority of new DNSSEC deployments today use RSA.
Modern cryptography is nowhere on the horizon for DNSSEC. A concerted industrywide effort to use a safer signature scheme wouldn't see widespread deployment before 2030.
>> And governments control the DNS.
> This is true, but that's an argument for not securing DNS, it's an argument for replacing DNS entirely. Governments control DNS regardless of whether or not DNSSEC is deployed.
I particularly agree on that point. DNS should be replaced by something better at some point, likely based on pet names. However, I strictly prefer a government-controlled system over a corporate-controlled one.
DNSSEC improves over some of the shortcomings, but not all.
> All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure.
This is true, however we are still far from https everywhere, as browsers default to http. There are a few weaker arguments that can be made against this one.
Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.
Is it as simple as they're just concerned about the occasional DNS request failing to do DNSSEC issues and thus reducing precious traffic?
But against that you have to pit the marginal --- practically nonexistent --- security benefit you'd get from all the work you'd put in.
Everyone has more important things to do.
[1] https://techcommunity.microsoft.com/t5/networking-blog/windo...
[2] https://nlnetlabs.nl/projects/unbound/about/
[3] https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo...