Re: [dnsext] DNSSEC, robustness, and several DS records

Matt McCutchen <matt@mattmccutchen.net> Thu, 12 May 2011 04:24 UTC

Return-Path: <matt@mattmccutchen.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E150E065D for <dnsext@ietfa.amsl.com>; Wed, 11 May 2011 21:24:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rekNAVuivMZW for <dnsext@ietfa.amsl.com>; Wed, 11 May 2011 21:24:06 -0700 (PDT)
Received: from homiemail-a62.g.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by ietfa.amsl.com (Postfix) with ESMTP id 535F6E06E3 for <dnsext@ietf.org>; Wed, 11 May 2011 21:24:06 -0700 (PDT)
Received: from homiemail-a62.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a62.g.dreamhost.com (Postfix) with ESMTP id F375263406E; Wed, 11 May 2011 21:24:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=EK/A/51+fswncw70AdHTnaZKCefJgoA9l6tmjEnsWH0 ZwNhCRGIkAMluX6zAuXjqaxh7XfJhShl5escLjLJ7qgRs9/ATTuW2ggcCprXiKrE sz+2Y6Te+lSuEjJGzhcq3cTM58iMoSnkn1DTHAJsjNQ5cJ+9O1XCnWPhiHW3GOA4 =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=wvXyWuGOzFerjpnbDnHQO8T0oBI=; b=Yv5FfdNeZL jiBx1maviYAG8A7D9fXjzpiWWXI+AuFg468Ry2BAik0KkOvEQH0QbVEDxTkllMja iuv0z5HhaxwsRz+hVn+NEH1JgibfdPBluDnuasIrGMyFXNiYwdHbxQJ9t44zeAxW Mbyjqeju9RNp9vK3u/P6OuNtzkd/dIId8=
Received: from [129.2.249.209] (ml2.student.umd.edu [129.2.249.209]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a62.g.dreamhost.com (Postfix) with ESMTPSA id ABC9563406C; Wed, 11 May 2011 21:24:05 -0700 (PDT)
From: Matt McCutchen <matt@mattmccutchen.net>
To: Doug Barton <dougb@dougbarton.us>
In-Reply-To: <4DCB4421.5020306@dougbarton.us>
References: <201105112250.p4BMoQZk020211@givry.fdupont.fr> <4DCB2E3F.4030701@dougbarton.us> <20110512015806.209E0EAF182@drugs.dv.isc.org> <4DCB4421.5020306@dougbarton.us>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 12 May 2011 00:24:04 -0400
Message-ID: <1305174244.2793.8.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Cc: dnsext@ietf.org
Subject: Re: [dnsext] DNSSEC, robustness, and several DS records
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2011 04:24:07 -0000

On Wed, 2011-05-11 at 19:21 -0700, Doug Barton wrote:
> On 05/11/2011 18:58, Mark Andrews wrote:
> > The scenario is that you have broken SHA-1 and can construct a working
> > DNSKEY which matches what the parent is publishing but have not
> > broken SHA-256.  If you trust SHA-1 then the attack works.  If you
> > don't trust SHA-1 the attack fails.  The RFC is assuming this will
> > happen before the reverse and is telling implementors to code for
> > it as if it was a current threat.
> 
> I get that, but I think we differ on the issue of "present." If there is 
> a _working_ SHA-256 DS I agree with you completely.

If there is a working SHA-256 DS there is no issue.  The question is
what the resolver should do if it gets a DNSKEY that matches a SHA-1 DS
but doesn't match any SHA-256 DS.  It has no way to distinguish a
mistake in the SHA-256 DS data in the original zone from a downgrade
attack.

-- 
Matt
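The decision the thread is arguing about is a resolver policy question: when the parent's DS RRset carries both SHA-1 and SHA-256 digests for a key, does a DNSKEY that matches only the SHA-1 DS count as authenticated? The following Python is an added example, not code from Matt's message or from any resolver; it computes DS digests and key tags as RFC 4034 specifies and then applies two policies to a constructed scenario (owner name "example.", a made-up DNSKEY whose key bytes are not a real RSA key, and a SHA-256 DS whose digest matches nothing). The "any-match" policy accepts any supported digest that verifies (the RFC 6840 section 5.2 rule); the "strongest-present" policy ignores SHA-1 DS records whenever a SHA-256 DS is present (the RFC 4509 section 3 rule). The same DS set gives opposite answers, which is exactly the point above: the resolver has no way to tell a bad SHA-256 digest in the zone from a substituted one.

```python
import hashlib
from dataclasses import dataclass

# DS digest type numbers from the IANA "DS RR Digest Types" registry
DIGEST_SHA1 = 1
DIGEST_SHA256 = 2
HASHERS = {DIGEST_SHA1: hashlib.sha1, DIGEST_SHA256: hashlib.sha256}


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes


def wire_name(name: str) -> bytes:
    """RFC 1035 wire form of an owner name, lowercased (RFC 4034 canonical form)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key material."""
    return flags.to_bytes(2, "big") + b"\x03" + bytes([algorithm]) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: int) -> bytes:
    """digest = hash(owner name in wire form | DNSKEY RDATA), RFC 4034 section 5.1.4."""
    return HASHERS[digest_type](wire_name(owner) + rdata).digest()


def make_ds(owner: str, rdata: bytes, digest_type: int) -> DS:
    """Build the DS record a parent would publish for this DNSKEY and digest type."""
    return DS(key_tag(rdata), rdata[3], digest_type, ds_digest(owner, rdata, digest_type))


def matching_ds(ds_set, owner: str, rdata: bytes):
    """Every DS in the set whose key tag, algorithm and digest all agree with the DNSKEY.
    DS records with an unsupported digest type are skipped rather than treated as a match."""
    tag, alg = key_tag(rdata), rdata[3]
    return [ds for ds in ds_set
            if ds.key_tag == tag and ds.algorithm == alg
            and ds.digest_type in HASHERS
            and ds.digest == ds_digest(owner, rdata, ds.digest_type)]


def accept_dnskey(ds_set, owner: str, rdata: bytes, policy: str = "any-match") -> bool:
    """Decide whether the parent's DS RRset authenticates this DNSKEY.

    'any-match'        : accept if any supported digest type verifies (RFC 6840 s.5.2).
    'strongest-present': ignore SHA-1 DS records whenever a SHA-256 DS exists in the
                         set (RFC 4509 s.3), so a SHA-1-only match is rejected.
    """
    candidates = list(ds_set)
    if policy == "strongest-present" and any(ds.digest_type == DIGEST_SHA256 for ds in candidates):
        candidates = [ds for ds in candidates if ds.digest_type != DIGEST_SHA1]
    return bool(matching_ds(candidates, owner, rdata))


def demo() -> dict:
    """Constructed scenario (hypothetical values): the child's KSK, a correct SHA-1 DS,
    and a SHA-256 DS whose digest matches nothing. From the resolver's side this looks
    the same whether the zone operator published a bad digest or the record was altered."""
    owner = "example."                                           # constructed
    ksk = dnskey_rdata(257, 8, b"\x03\x01\x00\x01" + bytes(range(64)))  # not a real RSA key
    good_sha1 = make_ds(owner, ksk, DIGEST_SHA1)
    bad_sha256 = DS(key_tag(ksk), 8, DIGEST_SHA256, bytes(32))  # wrong digest, right tag
    ds_set = {good_sha1, bad_sha256}
    return {
        "any-match": accept_dnskey(ds_set, owner, ksk, "any-match"),
        "strongest-present": accept_dnskey(ds_set, owner, ksk, "strongest-present"),
    }


if __name__ == "__main__":
    for policy, accepted in demo().items():
        print(f"{policy:18s} -> {'accept' if accepted else 'reject'} DNSKEY")
```

Under "any-match" the key validates on the SHA-1 DS alone; under "strongest-present" the same DS set fails validation because the only SHA-256 DS does not match. A resolver that wants to defend against a SHA-1 downgrade must therefore be prepared to treat an operator's SHA-256 publishing mistake as a validation failure; there is no third outcome available from the data it sees.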