<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 22px; font-family: Calibri, sans-serif;"><div>On 6/9/15, 10:24, "Casey Deccio" <<a href="mailto:casey@deccio.net">casey@deccio.net</a>> wrote:</div><span id="OLK_SRC_BODY_SECTION"><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>But when you consider a downgrade attack, the attacker only needs the lowest hanging fruit. That means that *any* DS (regardless of DNSKEY) with the weaker digest type could potentially be used for falsifying a DNSKEY.</div></div></div></div></div></blockquote></span><div><br></div><div>I'm just going to throw this on the mat - perhaps we've (and I mean the loose collective of folks involved with DNSSEC over the decades) had a poor understanding of downgrade attacks (how they happen, etc.) and have poorly addressed them. Given that I've never seen one (downgrade attack) work (in practice/in the field), I've never been able to reverse engineer it. Having an academic/theoretic understanding is often times not sufficient.</div><div><br></div><div>Like learning to take down a spinnaker on a sailboat on a calm day in the dock and then expecting to execute the steps heeled over in a gale. Or learning to change a diaper on a doll and then expecting to do the same for the first time in the back seat of a car. ;) Those are two areas where cleanroom experience didn't translate to real world experience so much.</div><div><br></div><div>In general - has anyone seen an actual attack thwarted by DNSSEC? Or an attack beat a DNSSEC defense? Not looking to justify the investment, looking for the opportunity to reverse engineer.</div></body></html>