rdns, past and future
Dameon Wagner
dameon.wagner at it.ox.ac.uk
Wed May 27 07:38:08 EDT 2020
On Tue, May 26 2020 at 18:59:23 -0400, Jeffrey Altman scribbled
in "Re: rdns, past and future":
> On 5/26/2020 6:31 PM, Ken Dreyer wrote:
> > On Tue, May 26, 2020 at 3:58 PM Jeffrey Altman
> > <jaltman at secure-endpoints.com> wrote:
> >>
> >> 2. Before the existence of DNS SRV records, CNAME records were the
> >> only method of offering a service on multiple hosts. However,
> >> its a poor idea to share the same key across all of the hosts.
> >
> > I'm curious about this. What makes it a poor idea?
> >
> > It seems like a very convenient way to scale a service up and down
> > dynamically quickly when you share a key among all instances.
>
> Because if you hack into one of the hosts you now have the key for
> all of the hosts. The holder of the key can forge tickets for any
> user. Since the key isn't unique the entire distributed service has
> to be shutdown to address the vulnerability. It is also much harder
> to trace where the key was stolen from.
Also, as another simpler example, it can make key management more
involved, rather than more convenient:
Moving and sharing sensitive material around is awkward, but running
`ktadd` on a new cluster member is trivial -- but if you're using a
shared key across all cluster members, you've broken them all except
the newest member (as `ktadd` does an implicit randkey). I've seen
too many fresh sysadmins break things that way...
Cheers.
Dameon.
--
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Unix Platform Services
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
More information about the Kerberos
mailing list