someone might yell at me for saying this but I've never had to learn anything about DNSSEC and I'm not convinced it's in any way useful to learn for most people
I would mention it, at least in passing - in the future, DNSSEC is going to be important, and we’ll only get there if we start doing it.
is that true? I've heard a lot of people say that DNSSEC is going to be important in the future, but I've never seen an explanation I understood for why. It seems like everyone who's really into DNSSEC thinks the CA model for TLS is broken? is that right?
There have been previous, and likely will be plenty more, vulns discovered in DNS leading to cache poisoning, etc.; false DNS records. These fake records trick users into visiting fake sites, downloading malware, or worse. DNSSEC solves that problem.
why aren't you satisfied with how TLS/HSTS solves that problem? (genuinely curious!)
If an attacker can forge the DNS results returned to a CA, they can obtain a valid certificate for your domain. WebPKI depends on DNS security. There's no DNS security without DNSSEC. However crufty it may be, that's the basis for security on the web and even more so for email.
Email servers also don't inherently validate based on CAs. Authenticated encryption for email is provided through setting a key or certificate in DNS via a DANE TLSA record. MTA-STS is a weak alternative still depending on DNS security and works like HSTS does without preloading.
CAs aren't actually required to validate DNSSEC and certificates are issued based on showing control of the domain via unauthenticated DNS, HTTP or SMTP. Most CAs hopefully do validate DNSSEC and respect the requirement to validate the CAA record, which helps to mitigate this.
For example, consider an attacker controlling a router in between your server OR authoritative DNS server and where Let's Encrypt performs validation. That attacker can obtain a valid Let's Encrypt certificate for your domain. They may reroute traffic (BGP is insecure) to do it.
HSTS with preloading ends up requiring HTTPS for your domain. That works fine for an attacker that's able to act as a MITM between your domain and any CA. There have been attacks to steal cryptocurrency, etc. via DNS hijacking. TLS+HSTS with WebPKI doesn't protect against it.
Strongly recommend passing internet.nl for email servers, along with the havedane.net test for sending email. There's no way to secure against DNS hijacking for web browsers. Best you can do is track all certificates your servers get and monitor with CT.
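The DANE TLSA mechanism mentioned in the thread (a key or certificate pinned in DNS, with usage 3 meaning no CA chain is consulted), as an added example that is not part of the conversation: the publishing side derives a `3 1 1` record from the server certificate, and the client side checks a presented certificate against that record. The certificate is a constructed self-signed stand-in generated inline, and the function names (`certAssoc`, `NewTLSA`, `Matches`, `newSelfSignedCert`) are my own; only SHA-256 matching is implemented.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// TLSA is the RDATA of a DANE TLSA record (RFC 6698): usage, selector, matching type, data.
type TLSA struct {
	Usage, Selector, MatchingType uint8
	CertData                      []byte
}

// certAssoc derives the association data: selector 0 = full DER certificate, 1 = SubjectPublicKeyInfo
// (the cert can be re-issued on the same key with no DNS change); only matching type 1 (SHA-256) here.
func certAssoc(cert *x509.Certificate, selector, mtype uint8) ([]byte, error) {
	if mtype != 1 {
		return nil, fmt.Errorf("unsupported matching type %d", mtype)
	}
	data := cert.Raw
	if selector == 1 {
		data = cert.RawSubjectPublicKeyInfo
	} else if selector != 0 {
		return nil, fmt.Errorf("unsupported selector %d", selector)
	}
	sum := sha256.Sum256(data)
	return sum[:], nil
}

// NewTLSA builds the record a domain owner publishes, e.g. "_25._tcp.mail.example TLSA 3 1 1 <hex>".
func NewTLSA(cert *x509.Certificate, usage, selector, mtype uint8) (TLSA, error) {
	d, err := certAssoc(cert, selector, mtype)
	return TLSA{usage, selector, mtype, d}, err
}

// Matches is the client side: with usage 3 (DANE-EE) the DNSSEC-signed record alone vouches for the cert.
func (r TLSA) Matches(cert *x509.Certificate) bool {
	d, err := certAssoc(cert, r.Selector, r.MatchingType)
	return err == nil && bytes.Equal(d, r.CertData)
}

// newSelfSignedCert is a constructed stand-in for a mail server's certificate (not a real one).
func newSelfSignedCert() *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return cert
}
```

A certificate issued on a different key, which is what a mis-issued CA certificate obtained via DNS hijacking would be, fails `Matches` even though it would pass WebPKI validation.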