<div dir="ltr">Maybe I'm confused but I don't see that there is any problem with NSEC. If a resolver believes in a broken algorithm, of course you are screwed. Say BK is such a broken algorithm. Assume you go to the work of specifying an using NSECbis that specifies the signing algorithm(s). If BK is broken, the attacker can just forge new NSECbis RRs signed by BK that specify BK as the signing algorithm. It is the resolver's believe in BK that is the problem.<div><br></div><div>So say a zone is signed by the zone owner with both BK and a strong algorithm denoted STRONG. As long as a resolver only trusts STRONG signatures I don't see how the status of what NSECs say is signed can cause forged data to be trusted.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Thanks,<br>Donald<br>===============================<br> Donald E. Eastlake 3rd +1-508-333-2270 (cell)<br> 2386 Panoramic Circle, Apopka, FL 32703 USA<br> <a href="mailto:d3e3e3@gmail.com" target="_blank">d3e3e3@gmail.com</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 11, 2022 at 5:56 PM Phillip Hallam-Baker <<a href="mailto:hallam@gmail.com">hallam@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div dir="ltr">
<div></div>
<div>
<div>Looks to me like there is a serious problem here.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">NSEC record specifies what is signed but not the algorithm used to sign. DNSSEC allows multiple signature and digest algorithms on the same zone. If a zone does this, validators are prohibited from rejecting records only signed using one of the
algorithms rather than both.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Won’t go into extreme detail here as researcher’s slides will be available tomorrow.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">This definitely needs fixing.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">One near term fix is to make SHA-1 a MUST NOT. It is long past its sell-by date now. </div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div id="gmail-m_-8774358660093052638ms-outlook-mobile-signature">
<div><br>
</div>
Get <a href="https://aka.ms/o0ukef" target="_blank">Outlook for iOS</a></div>
</div>
</div>
</div>
_______________________________________________<br>
dnsext mailing list<br>
<a href="mailto:dnsext@ietf.org" target="_blank">dnsext@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/dnsext" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/dnsext</a><br>
</blockquote></div>