Re: [dnsext] DS digest downgrade
"George Barwood" <george.barwood@blueyonder.co.uk> Tue, 22 March 2011 14:08 UTC
Return-Path: <george.barwood@blueyonder.co.uk>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6414728C0EC for <dnsext@core3.amsl.com>; Tue, 22 Mar 2011 07:08:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.022
X-Spam-Level: *
X-Spam-Status: No, score=1.022 tagged_above=-999 required=5 tests=[AWL=-0.173, BAYES_00=-2.599, HELO_EQ_BLUEYON=1.4, J_CHICKENPOX_13=0.6, MIME_BASE64_BLANKS=0.041, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8mayecBYw3eY for <dnsext@core3.amsl.com>; Tue, 22 Mar 2011 07:08:09 -0700 (PDT)
Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by core3.amsl.com (Postfix) with ESMTP id BFC0A28C0D0 for <dnsext@ietf.org>; Tue, 22 Mar 2011 07:08:08 -0700 (PDT)
Received: from [172.23.170.147] (helo=anti-virus03-10) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1Q22HE-0007uD-Fk; Tue, 22 Mar 2011 14:09:40 +0000
Received: from [92.238.99.235] (helo=GeorgeLaptop) by asmtp-out5.blueyonder.co.uk with smtp (Exim 4.72) (envelope-from <george.barwood@blueyonder.co.uk>) id 1Q22H9-0006uM-Af; Tue, 22 Mar 2011 14:09:35 +0000
Message-ID: <2E179CBE6E604685965A33359402EFD8@local>
From: George Barwood <george.barwood@blueyonder.co.uk>
To: Derek Atkins <warlord@MIT.EDU>, Francis Dupont <Francis.Dupont@fdupont.fr>
References: <201103212338.p2LNceH6051081@givry.fdupont.fr> <sjmipvbcnt7.fsf@pgpdev.ihtfp.org>
Date: Tue, 22 Mar 2011 14:10:22 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
Cc: dnsext@ietf.org
Subject: Re: [dnsext] DS digest downgrade
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2011 14:08:10 -0000
----- Original Message ----- From: "Derek Atkins" <warlord@MIT.EDU> To: "Francis Dupont" <Francis.Dupont@fdupont.fr> Cc: "George Barwood" <george.barwood@blueyonder.co.uk>; <dnsext@ietf.org> Sent: Tuesday, March 22, 2011 1:00 PM Subject: Re: [dnsext] DS digest downgrade > Francis Dupont <Francis.Dupont@fdupont.fr> writes: > >> In your previous mail you wrote: >> >> i.e. the zone is using SHA1 DS records, admin generates new KSK, >> publishes SHA256 DS for the new KSK but doesn't publish SHA256 DS >> for the old KSK, leading to validat ion failures. >> >> => this should never happen as the rule is in fact for the >> replacement of SHA1 by SHA256 as the DS digest algorithm. >> But don't believe we are saved: there are other DS digest algos >> (and even more to come) and the mixed algo case is dangerously >> under-specified... > > It also doesn't help protect against an active man-in-the-middle who can > make sure that the validator never receives the SHA256 DS RR. > Unfortunately the validator can only validate what it receives; there's > often not a way for it to know what it should expect to receive. No, that's the whole point here. The validators gets the (signed,validated) DS from the parent zone. When it sees an algorithm in the DS RRset it expects the child zone to be signed with that algorithm and if it isn't then the result is bogus. Similarly ( as implied by RFC 4509 ) if it sees SHA256 in the DS RRset as a digest type, it expects to be able to validate the DNSKEY RRset from the child using that digest type. If that's not possible then again the result is bogus. So there is no problem, downgrade attacks are prevented, everything is good. I was just confused momentarily by the Dane message from Matt. George >> Regards >> >> Francis.Dupont@fdupont.fr > > -derek > > -- > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory > Member, MIT Student Information Processing Board (SIPB) > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH > warlord@MIT.EDU PGP key available
- Re: [dnsext] DS digest downgrade Derek Atkins
- [dnsext] DS digest downgrade George Barwood
- Re: [dnsext] DS digest downgrade Mark Andrews
- Re: [dnsext] DS digest downgrade George Barwood
- Re: [dnsext] DS digest downgrade Francis Dupont
- Re: [dnsext] DS digest downgrade Edward Lewis
- Re: [dnsext] DS digest downgrade Mark Andrews
- Re: [dnsext] DS digest downgrade George Barwood
- Re: [dnsext] DS digest downgrade Wes Hardaker
- Re: [dnsext] DS digest downgrade Michael Graff
- Re: [dnsext] DS digest downgrade Wes Hardaker
- Re: [dnsext] DS digest downgrade Andrew Sullivan
- Re: [dnsext] DS digest downgrade Francis Dupont
- Re: [dnsext] DS digest downgrade Joe Abley
- Re: [dnsext] DS digest downgrade Wes Hardaker
- Re: [dnsext] DS digest downgrade Andrew Sullivan
- Re: [dnsext] DS digest downgrade Wes Hardaker
- Re: [dnsext] DS digest downgrade Matt McCutchen
- Re: [dnsext] DS digest downgrade Mark Andrews
- Re: [dnsext] DS digest downgrade Matt McCutchen
- Re: [dnsext] DS digest downgrade Mark Andrews