[dns-operations] [Ext] real world keytag collision example

Edward Lewis edward.lewis at icann.org
Thu Jan 17 19:08:33 UTC 2019


On 1/17/19, 12:43, "dns-operations on behalf of Wessels, Duane" <dns-operations-bounces at dns-oarc.net on behalf of dwessels at verisign.com> wrote:

> .HYUNDAI has a KSK and a ZSK that have the same keytag (17755).  

Yep, I see this in my collections:

TLD        RECORD           FIRST SEEN  LAST SEEN KEYID ALGORITHM  LEN  EXP'T TTL
HYUNDAI.   DNSKEY-SEP       2018-12-05 2019-01-16 17755 RSA-SHA256 2048 large 1d
HYUNDAI.   DNSKEY-ZONE      2018-12-19 2019-01-16 17755 RSA-SHA256 1024 large 1d

Same alg, different roles (flags), different lengths, same Key ID.

"It was a million to one shot, Doc. Million to one." : Cosmo Kramer
(https://www.imdb.com/title/tt0098904/quotes/qt0417369)

Or is that "a million to one" shot? 
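
The Key ID in the table above is the 16-bit key tag checksum defined in RFC 4034 Appendix B, so two distinct keys in one DNSKEY RRset can share it. As an added example (not part of the original message), this Python sketch computes the tag and reports same-algorithm collisions; the sample keys are constructed toy byte strings, not the HYUNDAI keys, and the helper names are hypothetical.

```python
from collections import defaultdict
import struct

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over DNSKEY RDATA (algorithm 1 uses a different rule)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low octet.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """Wire-format DNSKEY RDATA: flags (2), protocol (1, always 3), algorithm (1), key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def tag_collisions(rrset):
    """Return {(algorithm, tag): [flags, ...]} for every tag shared by more than one key."""
    groups = defaultdict(list)
    for flags, algorithm, public_key in rrset:
        tag = key_tag(dnskey_rdata(flags, algorithm, public_key))
        groups[(algorithm, tag)].append(flags)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed toy keys (not real RSA keys): (flags, algorithm, public key bytes)
SAMPLE_RRSET = [
    (257, 8, bytes.fromhex("03010001aabbccdd")),  # SEP bit set (KSK role)
    (256, 8, bytes.fromhex("03010001779a")),      # zone key (ZSK role), shorter key
    (256, 8, bytes.fromhex("030100011234")),      # second zone key, different tag
]

if __name__ == "__main__":
    for (alg, tag), flags in tag_collisions(SAMPLE_RRSET).items():
        print(f"algorithm {alg} key tag {tag} shared by keys with flags {flags}")
```

A validator that selects the DNSKEY for an RRSIG by algorithm and key tag has to try every key in such a group, since the tag alone does not identify one key.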




