Re: [dnsext] BlackHat Presentation on DNSSEC Downgrade attack
Donald Eastlake <d3e3e3@gmail.com> Thu, 11 August 2022 22:41 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/BhIBeHA4GAEmD8wmETfFOdKbOfQ>
Maybe I'm confused but I don't see that there is any problem with NSEC. If a resolver believes in a broken algorithm, of course you are screwed. Say BK is such a broken algorithm. Assume you go to the work of specifying and using NSECbis that specifies the signing algorithm(s). If BK is broken, the attacker can just forge new NSECbis RRs signed by BK that specify BK as the signing algorithm. It is the resolver's belief in BK that is the problem.

So say a zone is signed by the zone owner with both BK and a strong algorithm denoted STRONG. As long as a resolver only trusts STRONG signatures, I don't see how the status of what NSECs say is signed can cause forged data to be trusted.

Thanks,
Donald
===============================
Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
2386 Panoramic Circle, Apopka, FL 32703 USA
d3e3e3@gmail.com

On Thu, Aug 11, 2022 at 5:56 PM Phillip Hallam-Baker <hallam@gmail.com> wrote:
> Looks to me like there is a serious problem here.
>
> NSEC record specifies what is signed but not the algorithm used to sign. DNSSEC allows multiple signature and digest algorithms on the same zone. If a zone does this, validators are prohibited from rejecting records only signed using one of the algorithms rather than both.
>
> Won't go into extreme detail here as researcher's slides will be available tomorrow.
>
> This definitely needs fixing.
>
> One near term fix is to make SHA-1 a MUST NOT. It is long past its sell-by date now.
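As an added illustration that is not part of the thread, the following toy model contrasts the two validator policies the messages describe: the lenient one Phillip refers to (any verifying signature in an advertised algorithm suffices) and the strict one Donald describes (signatures by a distrusted algorithm BK count for nothing). The algorithm numbers are IANA DNSSEC codes; the set of distrusted algorithms and the `RRSIG` record shape are assumptions made here, and cryptographic verification is simulated by a flag.

```python
"""Toy model of DNSSEC RRset acceptance under two validator policies.

No real signature verification happens here: each RRSIG carries a
`valid` flag standing in for the result of the cryptographic check.
"""
from dataclasses import dataclass

# IANA DNS Security Algorithm Numbers (subset).
RSASHA1 = 5              # SHA-1 based; the "BK" (broken) algorithm in the thread
RSASHA1_NSEC3_SHA1 = 7   # SHA-1 based
RSASHA256 = 8
ECDSAP256SHA256 = 13     # a "STRONG" algorithm in the thread's terms

# Assumed local policy (not from the email): algorithms whose signatures
# the resolver refuses to rely on at all.
DISTRUSTED = frozenset({RSASHA1, RSASHA1_NSEC3_SHA1})


@dataclass(frozen=True)
class RRSIG:
    algorithm: int   # algorithm field of the RRSIG
    key_tag: int     # key tag of the signing DNSKEY
    valid: bool      # simulated outcome of verifying against that DNSKEY


def lenient_status(sigs, zone_algorithms):
    """Accept the RRset if any signature verifies under an algorithm the
    zone's DNSKEY RRset advertises.  This is the behaviour Phillip's
    message describes: a record signed with only one of the zone's
    algorithms must not be rejected."""
    ok = any(s.valid and s.algorithm in zone_algorithms for s in sigs)
    return "secure" if ok else "bogus"


def strict_status(sigs, zone_algorithms, distrusted=DISTRUSTED):
    """Accept the RRset only on a verifying signature whose algorithm is
    both advertised by the zone and not distrusted.  This is Donald's
    point: if the resolver never believes BK, a BK-only forgery proves
    nothing, whatever the NSEC/NSECbis records claim about signing."""
    ok = any(s.valid and s.algorithm in zone_algorithms
             and s.algorithm not in distrusted for s in sigs)
    return "secure" if ok else "bogus"


def downgrade_demo():
    """Constructed scenario: zone dual-signed with BK=5 and STRONG=13.
    Returns (genuine under lenient, forged under lenient,
             genuine under strict, forged under strict)."""
    zone = {RSASHA1, ECDSAP256SHA256}
    genuine = [RRSIG(RSASHA1, 1, True), RRSIG(ECDSAP256SHA256, 2, True)]
    forged = [RRSIG(RSASHA1, 1, True)]   # attacker can only produce BK sigs
    return (lenient_status(genuine, zone), lenient_status(forged, zone),
            strict_status(genuine, zone), strict_status(forged, zone))
```

`downgrade_demo()` returns `('secure', 'secure', 'secure', 'bogus')`: the lenient validator accepts the BK-only forgery, the strict one does not, while the legitimately dual-signed data is accepted by both.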