undefined | Better HN

0 pointstptacek2y ago0 comments

Who cares? If you control BGP, you control the meaning of the IP addresses DNS resolves to.

0 comments

If the attacker bgp hijacks the record target they need to also bgp hijack the authoritative server that holds the TLSA record (which the client could verify during an attack).

If the attacker want to bgp hijack the authoritative server they will need to bgp hijack the TLD name servers that holds the DS posts for the authoritative server.

If the attacker want to bgp hijack the TLD name servers they will need to bgp hijack the root server that holds the DS posts for the TLD name servers. This they can't do because the root servers keys are hard coded into revolvers.

tptacekOP2y ago

None of this matters. An attacker who controls BGP controls IP routing. They can defeat ACME.

belorn2y ago

TLSA record can specify what specific hash the certificate must have (DANE-EE). You can't solve that with BGP and ACME. The certificate that you get from acme will have a different hash.

With CAA records you can also lock it down to a specific user and method (RFC 8657). How will you solve that with BGP using acme?

hsbauauvhabzb2y ago

You’re also relying on the client validating DNSSec. I have no idea if/how/when this occurs, or if you can choose to ignore it.

wlonkly2y ago

A nit, but the resolver, not the client, validates DNSSEC. The client/stub resolver trusts its local resolver. That always struck me as weird.

j / k navigate · click thread line to collapse

0 comments

belorn2y ago

If the attacker bgp hijacks the record target they need to also bgp hijack the authoritative server that holds the TLSA record (which the client could verify during an attack).

If the attacker want to bgp hijack the authoritative server they will need to bgp hijack the TLD name servers that holds the DS posts for the authoritative server.

tptacekOP2y ago

None of this matters. An attacker who controls BGP controls IP routing. They can defeat ACME.

belorn2y ago

TLSA record can specify what specific hash the certificate must have (DANE-EE). You can't solve that with BGP and ACME. The certificate that you get from acme will have a different hash.

With CAA records you can also lock it down to a specific user and method (RFC 8657). How will you solve that with BGP using acme?

hsbauauvhabzb2y ago

You’re also relying on the client validating DNSSec. I have no idea if/how/when this occurs, or if you can choose to ignore it.

wlonkly2y ago

A nit, but the resolver, not the client, validates DNSSEC. The client/stub resolver trusts its local resolver. That always struck me as weird.

j / k navigate · click thread line to collapse