1 March firstname.lastname@example.org PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an SSH host public key for remote login. n Used an IMAP certificate to download email. n Received a PGP signed email message. n Accessed a secure website using an SSL certificate. l Proposed Infrastructure PKI related actions: n Secure BGP would use PKI to protect Internet routes. n Secure DNS would use PKI to protect Internet names.
1 March email@example.com The Need for a Secure Infrastructure Internet c.gtld-servers.net BGP monitor 184.108.40.206 originates route to 192.26.92/24 l BGP and DNS Provide No Authentication n Lack of BGP authentication misdirected DNS queries. –This happens to be DNS traffic, but could be email, web, etc. n Server could have replied with false DNS data. ISPs announced new path for 20 minutes to 3 hours 1 of 13 DNS servers For com/net/org
1 March firstname.lastname@example.org The PKI Solution l Routing: sign the routing updates n Use public key cryptography to verify the origin is allowed to originate the path. n Have each node sign its next link in the route (to prove the path is valid) n S-BGP (Kent/BBN), SoBGP (White/Cisco) l DNS: sign the DNS response n DNSSEC (IETF DNSEXT Working Group)
1 March email@example.com Secure DNS Query and Response Caching DNS Server End-user www.darpa.mil A = 220.127.116.11 www.darpa.mil RRSIG(A) = [signature by darpa.mil private key] Attacker can not forge this answer without knowing the darpa.mil private key. Authoritative DNS Servers
1 March firstname.lastname@example.org So What’s the Problem? l Was my IPCCC use of PKI worthwhile? n SSH reported “host key has changed” –Has anyone ever rejected a key due to this message? n The IMAP email certificate I used was self-signed. –Who should have signed this certificate? n I did not verify the PGP key for the signed email. –How would I do this effectively? PGP key servers?? n Should I have checked the web SSL certificate? l No deployment of infrastructure (DNS,BGP) PKIs.
1 March email@example.com Limitations of PKI Deployment l The theoretical promise of PKI technology greatly exceeds the deployed use. n Fundamental key management issues remain l Effectively Deployment Requires n Mechanism for learning the public key n Mechanism for changing the public key n Limit damage of compromised key (revocation?) l Claim this can only work in strong hierarchy.
1 March firstname.lastname@example.org Steps To Real Deployment l S-BGP: create a hierarchy where none exists. n Who signs you are allowed to announce this prefix? n How do you distribute the database? l Secure DNS overlays PKI on the DNS tree. n Simple structure in theory –Root key signs the com, net, org, edu, uk, etc, keys –Com key signs the cisco.com, ibm.com, foo.com keys –Cisco.com key signs research.cisco.com, www.cisco.com n But this assumes the entire tree deploys DNSSEC.
1 March email@example.com DNS: The PKI Of The Future (?) l Can use a signed DNS as the missing PKI. n Store ssh host keys in the DNS along with host IP address (IETF working group for this) n Store SSL and IMAP certificates in the DNS (DNS CERT record is already defined) n Store PGP email keys in the DNS (Functionality revoked by Massey and Rose) l What is wrong with the picture? n No revocation mechanism n Will this create a PKI or break the DNS? n Is the DNS an appropriate trust model?