[dns-operations] [Ext] real world keytag collision example
edward.lewis at icann.org
Thu Jan 17 19:08:33 UTC 2019
On 1/17/19, 12:43, "dns-operations on behalf of Wessels, Duane" <dns-operations-bounces at dns-oarc.net on behalf of dwessels at verisign.com> wrote:
> .HYUNDAI has a KSK and a ZSK that have the same keytag (17755).
Yep, I see this in my collections:
TLD       RECORD       FIRST SEEN  LAST SEEN   KEYID  ALGORITHM   LEN   EXP'T  TTL
HYUNDAI.  DNSKEY-SEP   2018-12-05  2019-01-16  17755  RSA-SHA256  2048  large  1d
HYUNDAI.  DNSKEY-ZONE  2018-12-19  2019-01-16  17755  RSA-SHA256  1024  large  1d
Same alg, different roles (flags), different lengths, same Key ID.
"It was a million to one shot, Doc. Million to one." : Cosmo Kramer
Or is that "a million to one" shot?
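
Added example, not part of the original message: the key tag calculation from RFC 4034 Appendix B, used to flag DNSKEYs in one RRset that share an algorithm and key tag, as the SEP and zone keys above do. The function names are hypothetical and the sample keys are constructed filler bytes shaped like the post's case (algorithm 8, flags 257 and 256, 2048-bit and 1024-bit), not the real .HYUNDAI keys.

```python
import base64
import struct
from collections import defaultdict

def key_tag(rdata: bytes) -> int:
    """Key tag of wire-format DNSKEY RDATA, RFC 4034 Appendix B (not for algorithm 1)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8   # even offsets are the high octet
    ac += (ac >> 16) & 0xFFFF                # fold the carry back in
    return ac & 0xFFFF

def parse_dnskey(text: str) -> bytes:
    """'flags protocol algorithm base64...' (presentation form) -> wire-format RDATA."""
    flags, proto, alg, *b64 = text.split()
    return struct.pack("!HBB", int(flags), int(proto), int(alg)) + base64.b64decode("".join(b64))

def tag_collisions(rrset):
    """Return {(algorithm, tag): [records]} for every tag shared by more than one key."""
    groups = defaultdict(list)
    for text in rrset:
        rdata = parse_dnskey(text)
        groups[(rdata[3], key_tag(rdata))].append(text)
    return {k: v for k, v in groups.items() if len(v) > 1}

def make_record(flags: int, modulus: bytes) -> str:
    """Build a presentation-form RSA DNSKEY with exponent 65537 (03 01 00 01)."""
    key = b"\x03\x01\x00\x01" + modulus
    return f"{flags} 3 8 {base64.b64encode(key).decode()}"

# Constructed sample RRset: filler bytes stand in for RSA moduli, NOT real keys.
SAMPLE_RRSET = [
    make_record(257, b"\xaa" * 256),                  # SEP key, 2048-bit
    make_record(256, b"\x55" * 126 + b"\x55\x56"),    # zone key, 1024-bit, same tag
    make_record(256, b"\x11" * 128),                  # zone key with its own tag
]

if __name__ == "__main__":
    for (alg, tag), records in tag_collisions(SAMPLE_RRSET).items():
        print(f"algorithm {alg}, key tag {tag}: {len(records)} keys share it")
        for r in records:
            print("  flags", r.split()[0], "key bytes", len(parse_dnskey(r)) - 4)
```

Because the tag is only a 16-bit checksum over the RDATA, a validator has to treat it as a hint and try every DNSKEY whose algorithm and tag match an RRSIG.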