[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Q2: crypto algorithm requirements for DNSSEC

To: namedroppers@ops.ietf.org
Subject: RE: Q2: crypto algorithm requirements for DNSSEC
From: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
Date: Wed, 12 Feb 2003 14:20:08 -0500

> Rip, I don't have numbers for this specific DSA question, but after a
> decade in the embedded software market I can tell you that code space
> -always- costs for low end devices, it's just economics.

Yep.  I haven't in years, but I used to do stuff in assembler for
68HC11s and such.  I guess I was hoping that memory was now "cheap"
everywhere--not that that would really be sufficient justification to
bloat DNS code with non-useful algorithms.  But read on...

> So I have to turn the question around.  Show me that keeping DSA as
> manadatory to implement is important, and I can live with it.  But
> keeping with no strong reason to believe that it buys us anything is
> bad, because code that brings no comprehensible benefit to the
> customer has this nasty tendency to be left out of the final product
> whether the spec says it's mandatory or not, at which point we have
> interoperability problems.

OK.  I agree with a previous characterization that if RSA gets
broken suddenly/cataclysmically, then DNS won't even be *close* to
the low-hanging fruit on the vulnerability tree.  I can't come up
with a convincing enough reason, at that point, why DSA is "useful
enough" to keep as a MUST IMPLEMENT--as long as we believe that letting
embedded devices drive DNSSEC choices is a Good Idea.

Whether letting embedded devices drive DNSSEC choices really *is* a
Good Idea I leave to someone with a better big picture of such things.
From my perspective, the idea that *any* embedded device is actually
expected to implement a security-aware resolver that can do its own
signature verification is ludicrous.  It seems more likely to me
that such a device would implement IPSec to some trusted "mothership"
which could provide DNSSEC resolution, or that such a device would
blow off DNSSEC entirely, than that such a device would actually make
use of SIG and KEY records.

So my counter-question, after thinking more about this, is:
Does anyone *really* think that embedded devices should drive the choices
made in writing DNSSEC specifications?  Note that the answer to that
question has implications far beyond this single issue.

Even if we don't make the choice based solely on embedded devices,
the argument that "if we have DSA implemented already then we can
recover a signed tree faster" sounds less and less useful to me.
As a result I find myself somewhere squarely in the "undecided" category
overall--so I'll hush now.

  --Rip

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Q2: crypto algorithm requirements for DNSSEC
  - From: Rob Austein <sra+namedroppers@hactrn.net>

Prev by Date: Editors question: Removal of SIG RR Presentation format TTL optimisation
Next by Date: Q-03: inclusion of KEY records in additional records section
Previous by thread: Re: Q2: crypto algorithm requirements for DNSSEC
Next by thread: Re: Q2: crypto algorithm requirements for DNSSEC
Index(es):
- Date
- Thread