Re: [dnsext] DNSSEC, robustness, and several DS records

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 12 May 2011 08:00 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED968E06C2 for <dnsext@ietfa.amsl.com>; Thu, 12 May 2011 01:00:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.249
X-Spam-Level:
X-Spam-Status: No, score=-110.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KXQM1P+MinXs for <dnsext@ietfa.amsl.com>; Thu, 12 May 2011 01:00:49 -0700 (PDT)
Received: from mx2.nic.fr (mx2.nic.fr [192.134.4.11]) by ietfa.amsl.com (Postfix) with ESMTP id 04E78E0665 for <dnsext@ietf.org>; Thu, 12 May 2011 01:00:49 -0700 (PDT)
Received: from mx2.nic.fr (localhost [127.0.0.1]) by mx2.nic.fr (Postfix) with SMTP id 85FE21C0109; Thu, 12 May 2011 09:55:46 +0200 (CEST)
Received: from relay1.nic.fr (relay1.nic.fr [192.134.4.162]) by mx2.nic.fr (Postfix) with ESMTP id 802231C00FE; Thu, 12 May 2011 09:55:46 +0200 (CEST)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [192.134.4.69]) by relay1.nic.fr (Postfix) with ESMTP id 7D6B556812C; Thu, 12 May 2011 09:55:46 +0200 (CEST)
Date: Thu, 12 May 2011 09:55:46 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Matt McCutchen <matt@mattmccutchen.net>
Message-ID: <20110512075546.GA17883@nic.fr>
References: <201105112250.p4BMoQZk020211@givry.fdupont.fr> <4DCB2E3F.4030701@dougbarton.us> <20110512015806.209E0EAF182@drugs.dv.isc.org> <4DCB4421.5020306@dougbarton.us> <1305174244.2793.8.camel@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1305174244.2793.8.camel@localhost>
X-Operating-System: Debian GNU/Linux 6.0.1
X-Kernel: Linux 2.6.32-5-686 i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] DNSSEC, robustness, and several DS records
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2011 08:00:50 -0000

On Thu, May 12, 2011 at 12:24:04AM -0400,
 Matt McCutchen <matt@mattmccutchen.net> wrote 
 a message of 25 lines which said:

> The question is what the resolver should do if it gets a DNSKEY that
> matches a SHA-1 DS but doesn't match any SHA-256 DS.  It has no way
> to distinguish a mistake in the SHA-256 DS data in the original zone
> from a downgrade attack.

Can you explain how such an attack could be possible? Since the DS
record set is signed, modifying the SHA-256 record to make it invalid
(so the bad guy can attack SHA-1 with clever cryptanalysis) is not
possible (unless the bad guy can attack the provisioning channel and,
in this case, you're toasted, whatever the RFC says).

[Doug Barton already made more or less the same argument, if I
understand him correctly.]