1. DNS/FCP/Let's_Encrypt

について、ここに記述してください。

Contents

  1. DNS/FCP/Let's_Encrypt
  2. きっかけ

Mitigating DNS fragmentation attack (jsha) https://community.letsencrypt.org/t/mitigating-dns-fragmentation-attack/74838

I think one mitigation (thanks to Andrew Ayer for the idea) is for target R to set the Requester’s Payload Size in EDNS(0) to a low value.

https://community.letsencrypt.org/t/edns-buffer-size-changing-to-512-bytes/77945

Summary

As of November 15th, 2018 our DNS resolvers (both staging and production) advertise an EDNS reassembly buffer size of 512 bytes. This change should not require any adjustment by subscribers.

2. きっかけ

なぜ元の指摘から5年後にLet's Encryptがこういう対応をしたのか。

きっかけになった論文はこれだろう。

https://dl.acm.org/citation.cfm?id=3243790 

Domain Validation++ For MitM-Resilient PKI
 
· Proceeding
CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Pages 2060-2076

The security of Internet-based applications fundamentally relies on the trustworthiness of Certificate Authorities (CAs).

We practically demonstrate for the first time that even a weak off-path attacker can effectively subvert the trustworthiness of popular commercially used CAs.

Our attack targets CAs which use Domain Validation (DV) for authenticating domain ownership; collectively these CAs control 99% of the certificates market.

The attack utilises DNS Cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own -- namely certificates binding the attacker's public key to a victim domain.

We discuss short and long term defences, but argue that they fall short of securing DV.

To mitigate the threats we propose Domain Validation++ (DV++).

DV++ replaces the need in cryptography through assumptions in distributed systems. While retaining the benefits of DV (automation, efficiency and low costs) DV++ is secure even against Man-in-the-Middle (MitM) attackers.

Deployment of DV++ is simple and does not require changing the existing infrastructure nor systems of the CAs.

We demonstrate security of DV++ under realistic assumptions and provide open source access to DV++ implementation.

}}}