RE: DNSSEC indicator from Hallam-Baker, Phillip on 2007-04-26 (public-wsc-wg@w3.org from April 2007)

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Thu, 26 Apr 2007 06:22:16 -0700
To: "Dan Schutzer" <dan.schutzer@fstc.org>, "Dick Hardt" <dick@sxip.com>
Cc: "Thomas Roessler" <tlr@w3.org>, <michael.mccormick@wellsfargo.com>, <ses@ll.mit.edu>, <public-wsc-wg@w3.org>, <kjell.rydjer@swedbank.se>, <steve@shinkuro.com>, <public-usable-authentication@w3.org>, "Ben Laurie" <benl@google.com>
Message-ID: <198A730C2044DE4A96749D13E167AD370124CD6F@MOU1WNEXMB04.vcorp.ad.vrsn.com>

I think we are approaching this from the wrong angle.

Clearly DNSSEC is a feature that we need to address since it is an IETF standard that is planned for deployment within the period the recommendation is intended to be current. Not mentioning it would be rude.


There are two questions to ask here, first how many security indicators can users cope with, second what level of security indicator does DNSSEC deserve?

If the answer to the first question is essentially binary, secure/not secure then DNSSEC alone is not going to cut it.

I suspect that we end up with three levels: no indicator, padlock, enhanced. I don't think that DNSSEC alone justifies a padlock either, not unless we somehow achieve a key exchange and encrypt the link. 


There are important uses for DNSSEC, presenting a browser security indicator is not one of them. I can well imagine future security profiles that might require DNSSEC.
 

> -----Original Message-----
> From: public-usable-authentication-request@w3.org 
> [mailto:public-usable-authentication-request@w3.org] On 
> Behalf Of Dan Schutzer
> Sent: Thursday, April 26, 2007 6:52 AM
> To: 'Dick Hardt'
> Cc: 'Thomas Roessler'; michael.mccormick@wellsfargo.com; 
> ses@ll.mit.edu; public-wsc-wg@w3.org; 
> kjell.rydjer@swedbank.se; steve@shinkuro.com; 
> public-usable-authentication@w3.org; 'Ben Laurie'
> Subject: RE: DNSSEC indicator
> 
> 
> I agree. So, DNSSEC provides me both a secure link and 
> greater confidence that I am speaking to the correct domain name
> 
> -----Original Message-----
> From: public-usable-authentication-request@w3.org
> [mailto:public-usable-authentication-request@w3.org] On 
> Behalf Of Dick Hardt
> Sent: Thursday, April 26, 2007 6:19 AM
> To: Dan Schutzer
> Cc: Thomas Roessler; michael.mccormick@wellsfargo.com; 
> ses@ll.mit.edu; public-wsc-wg@w3.org; 
> kjell.rydjer@swedbank.se; steve@shinkuro.com; 
> public-usable-authentication@w3.org; Ben Laurie
> Subject: Re: DNSSEC indicator
> 
> 
> fwiw I have always envisioned the significant impact of 
> DNSSEC was to provide a "trusted" method for tying the public 
> key used in TLS to the domain name bypassing the "leaky" CA 
> infrastructure.
> 
> -- Dick
> 
> On 26-Apr-07, at 12:03 PM, Dan Schutzer wrote:
> 
> >
> > Here is my take
> >
> > If they got the mapping from the domain name to the IP address 
> > securely, it indicates that they are at the correct web 
> site (the site 
> > belonging to the url they typed in), so if they send sensitive 
> > information to the site, it is going to the correct site. 
> However, if 
> > the connection is not secured, then the information can be 
> intercepted 
> > by a man in the middle attack.
> > However,
> > if the link is TLS secured, then the information cannot be 
> intercepted 
> > in transit. To be confident one's personal information is not being 
> > stolen, one would need to look at both indicators.
> >
> > -----Original Message-----
> > From: public-usable-authentication-request@w3.org
> > [mailto:public-usable-authentication-request@w3.org] On Behalf Of 
> > Thomas Roessler
> > Sent: Thursday, April 26, 2007 5:35 AM
> > To: michael.mccormick@wellsfargo.com
> > Cc: ses@ll.mit.edu; public-wsc-wg@w3.org; kjell.rydjer@swedbank.se; 
> > steve@shinkuro.com; public-usable-authentication@w3.org
> > Subject: Re: DNSSEC indicator
> >
> >
> > (CC to the public comment list, since some folks who aren't on the
> > WG are copied on this conversation.)
> >
> > On 2007-04-13 13:33:25 -0500, 
> michael.mccormick@wellsfargo.com wrote:
> >
> >> I still think DNSSEC will be more valuable if it's visible to the
> >> end user.  True, most won't care.  But some will, especially if
> >> it can be presented in an intuitive and jargon-free fashion in
> >> the UI.
> >
> > So, a user encounters a DNSSEC indicator.  That means that they got
> > the mapping from the domain name to the IP address securely.  It
> > doesn't tell them *anything* about the security of the conversation
> > that goes on on higher protocol levels.
> >
> > On the other hand, if TLS is in place, the security of the
> > connection doesn't really depend on DNSSEC, so the presence or
> > absence of that indicator wouldn't provide any particularly useful
> > information.
> >
> > Maybe one of you guys could enlighten me what user decision such an
> > indicator would reasonably support?
> >
> > Thanks,
> > -- 
> > Thomas Roessler, W3C  <tlr@w3.org>
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 
>

Received on Thursday, 26 April 2007 13:23:35 UTC