[dns-operations] [Ext] Re: help with a resolution

Paul Hoffman paul.hoffman at icann.org
Wed Jan 8 22:45:54 UTC 2020


On Jan 8, 2020, at 2:10 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> If I can get you to sign A, you may
> be inadvertently also signing B.

This is the crux of your argument, and the crux of every attack that leverages hash collisions. If "I" can get "you" to sign something without adding any randomness to the beginning of the signature, then you could be signing something unintended because there are multiple items with the same hash value. (To be clear: RFC 3110 doesn't add any signer randomness to the signatures, which it could have.)

However, in DNSSEC, what is the scenario where "I" can get "you" to sign an RRset? Aren't RRsets all signed by their owner, the creator of the RRset? If I'm a signer and I'm willing to sign something that I didn't create, I already have a lot of problems already.

--Paul Hoffman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3935 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200108/439e9072/attachment.bin>


More information about the dns-operations mailing list