The Domain Name System Security Extensions (DNSSEC) add authenticity and integrity to the DNS, improving its security. Unfortunately, DNSSEC is not without problems. DNSSEC adds digital signatures to the DNS, signiﬁcantly increasing the size of DNS responses. This means DNSSEC is more susceptible to packet fragmentation and makes DNSSEC an attractive vector to abuse in ampliﬁcationbased denial-of-service attacks. Additionally, key management policies are often complex. This makes DNSSEC fragile and leads to operational failures. In this paper, we argue that the choice for RSA as default cryptosystem in DNSSEC is a major factor in these three problems. Alternative cryptosystems, based on elliptic curve cryptography (ECDSA and EdDSA), exist but are rarely used in DNSSEC. We show that these are highly attractive for use in DNSSEC, although they also have disadvantages. To address these, we have initiated research that aims to investigate the viability of deploying ECC at a large scale in DNSSEC.
Public Review for Making the Case for Elliptic Curves in DNSSEC Roland van Rijswijk-Deij, Anna Sperotto, and Aiko Pras Like many of the Internet’s protocols, DNS was designed without security in mind. Given its central role in translating human readable names into IP addresses, it constitutes an achilles heel in terms of Internet security. This fact has not gone unnoticed, with active development on DNS Security Extensions (DNSSEC) which adds integrity and authenticity to the DNS, by digitally signing DNS data. However, DNSSEC deployment has been lackluster. The authors argue that there are three problems at the core of the deployment impasse: DNSSEC responses are large which can result in (1) IP fragmentation and (2) open the door for DDoS based on DNSSEC. Third, key management complexities can result in domains becoming unreachable. The authors argue that the choice of RSA for DNSSEC is at the heart of these problems and they evaluate the potential benefits of leveraging elliptic curve cryptography (ECC) instead to ameliorate these issues. The reviewers appreciated the data-driven approach taken in this paper using data from a real network to evaluate the potential gains of ECC. They found the arguments for ECC were convincing with empirical evaluations of how ECC can help mitigate threats such as amplification attacks as well as key rollover management issues. The reviewers also raised open questions about the transition to ECC from RSA and how the two signature schemes could co-exist during the transition period. The potential overheads of verification for ECC signatures was also raised. The reviewers agree that the problem tackled in this paper is an important one, and the data-driven approach provides a convincing argument for ECC. The work also raises interesting questions about how a transition to ECC would occur in practice and whether there are other factors hindering deployment aside from the issues raised about RSA.