[dns-operations] DNSSEC issue - why?

Casey Deccio casey at deccio.net
Tue Jun 9 14:24:27 UTC 2015


On Tue, Jun 9, 2015 at 5:55 AM, Edward Lewis <edward.lewis at icann.org> wrote:

> On 6/9/15, 3:12, "Kevin Chen" <kchen at mit.edu> wrote:
>
> >>
> >>which looks quite simple, however the KSK DNSKEY from hollington.ca is
> >> part of the DS set. The only notable part of the DS set is that it
> >> contains 4 keys, among which is an older (?) with a longer hash.
> >
> >RFC 4509 says:
> >
> >    Implementations MUST support the use of the SHA-256 algorithm in DS
> >    RRs.  Validator implementations SHOULD ignore DS RRs containing SHA-1
> >    digests if DS RRs with SHA-256 digests are present in the DS RRset.
> >
> >I assume the various resolvers are making different choices with regard
> >to SHOULD.
>
> Hmmm, I would have never interpreted that requirement that way.  I always
> had in mind "per key."


The example in the RFC seems to present it that way as well.  That might be
part of the problem (I had interpreted it--and implemented it--that way).

   o  A zone includes multiple DS records for a given child's DNSKEY,
      each of which uses a different digest type.

   o  A validator accepts a weaker digest even if a stronger one is
      present but invalid.

But when you consider a downgrade attack, the attacker only needs the
lowest hanging fruit.  That means that *any* DS (regardless of DNSKEY) with
the weaker digest type could potentially be used for falsifying a DNSKEY.

Casey
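To make the two readings of the RFC 4509 SHOULD concrete, here is an added example (not from the thread, not from any resolver's code) of a validator's DS-selection step written both ways. The "per-rrset" policy ignores every SHA-1 DS as soon as any SHA-256 DS exists in the RRset, which is the text as quoted; the "per-key" policy only drops the SHA-1 DS for a key that also has a SHA-256 DS. Digests are computed as in RFC 4034 section 5.1.4 (hash over the canonical owner name followed by the DNSKEY RDATA) and key tags as in RFC 4034 Appendix B; the DNSKEYs, their public key bytes and the zone name are constructed for the demonstration, and the policy names are this example's own.

```python
import hashlib
from dataclasses import dataclass
from typing import List

SHA1, SHA256 = 1, 2  # DS digest type codes (RFC 4034 / RFC 4509)


def wire_name(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root terminator."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


@dataclass(frozen=True)
class DNSKEY:
    owner: str
    flags: int
    algorithm: int
    public_key: bytes
    protocol: int = 3

    def rdata(self) -> bytes:
        return self.flags.to_bytes(2, "big") + bytes([self.protocol, self.algorithm]) + self.public_key

    def key_tag(self) -> int:
        # RFC 4034 Appendix B key tag (algorithms other than 1)
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += b if i & 1 else b << 8
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes


def make_ds(key: DNSKEY, digest_type: int) -> DS:
    """Build the DS record for `key`: digest over owner name (wire form) + DNSKEY RDATA."""
    h = hashlib.sha1 if digest_type == SHA1 else hashlib.sha256
    digest = h(wire_name(key.owner) + key.rdata()).digest()
    return DS(key.key_tag(), key.algorithm, digest_type, digest)


def usable_ds(ds_set: List[DS], key: DNSKEY, policy: str) -> List[DS]:
    """DS records from the parent's RRset that the validator may use to authenticate `key`.

    "per-rrset": if any DS in the whole RRset uses SHA-256, ignore every SHA-1 DS (RFC 4509 text).
    "per-key":   ignore SHA-1 only for a key that also has a SHA-256 DS (the per-key reading).
    """
    candidates = [d for d in ds_set if d.key_tag == key.key_tag() and d.algorithm == key.algorithm]
    if policy == "per-rrset":
        if any(d.digest_type == SHA256 for d in ds_set):
            candidates = [d for d in candidates if d.digest_type != SHA1]
    elif policy == "per-key":
        if any(d.digest_type == SHA256 for d in candidates):
            candidates = [d for d in candidates if d.digest_type != SHA1]
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return candidates


def key_authenticated(ds_set: List[DS], key: DNSKEY, policy: str) -> bool:
    """True if some usable DS record's digest matches the digest recomputed from `key`."""
    return any(make_ds(key, d.digest_type).digest == d.digest for d in usable_ds(ds_set, key, policy))


# Constructed scenario: the parent publishes a DS set for two KSKs of example.test.
# key_new has both SHA-256 and SHA-1 DS records; key_old (the "older" key) has only SHA-1.
key_new = DNSKEY("example.test.", 257, 8, bytes(range(1, 65)))
key_old = DNSKEY("example.test.", 257, 8, bytes(range(64, 0, -1)))
DS_SET = [
    make_ds(key_new, SHA256),
    make_ds(key_new, SHA1),
    make_ds(key_old, SHA1),
]


def summary():
    """Which keys each policy accepts from DS_SET."""
    return {
        policy: sorted(k.key_tag() for k in (key_new, key_old) if key_authenticated(DS_SET, k, policy))
        for policy in ("per-rrset", "per-key")
    }


if __name__ == "__main__":
    for policy, tags in summary().items():
        print(f"{policy:>9}: accepted key tags {tags}")
```

Run it and the per-key policy accepts both keys, including key_old, whose only DS is SHA-1; the per-rrset policy accepts only key_new. That is the difference the thread turns on: under the per-key reading, the presence of a SHA-256 DS for one key does nothing to protect a zone whose DS set still carries a SHA-1-only entry for another key, so the strength of the weakest digest type in the set is what the validator is actually relying on.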