[dnsext] BlackHat Presentation on DNSSEC Downgrade attack

Phillip Hallam-Baker <hallam@gmail.com> Thu, 11 August 2022 21:56 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: "dns-operations@dns-oarc.net" <dns-operations@dns-oarc.net>, "dnsext@ietf.org" <dnsext@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/Sl1DhsfYhJfmlTEoKjb44vSogaI>

Looks to me like there is a serious problem here.

The NSEC record specifies what is signed but not the algorithm used to sign it. DNSSEC allows multiple signature and digest algorithms on the same zone. If a zone does this, validators are prohibited from rejecting records signed using only one of the algorithms rather than both.

I won’t go into extreme detail here, as the researcher’s slides will be available tomorrow.

This definitely needs fixing.

One near term fix is to make SHA-1 a MUST NOT. It is long past its sell-by date now.

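The algorithm rule the post refers to is RFC 6840 Section 5.11 ("Mandatory Algorithm Rules"): a validator must not insist that every algorithm listed in the DS RRset has produced a valid signature; one verifiable path through a supported algorithm is enough. The model below is an added example, not code from the post or from any resolver: it parses constructed DS and RRSIG records in presentation format, stubs out cryptographic verification (every RRSIG present is assumed to verify), and compares the outcome under a permissive algorithm policy with one that treats the SHA-1 algorithms as MUST NOT. The zone name, key tags, digests and signature values are constructed placeholders.

```python
"""DNSSEC algorithm-policy model (added example, not from the post).
Cryptographic verification is stubbed: every RRSIG present in the
constructed response is assumed to verify, so the outcome depends only on
which algorithms the DS set and the RRSIGs carry and which algorithms the
validator is willing to accept."""

# Algorithm numbers from the IANA DNS Security Algorithm Numbers registry.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256", 15: "ED25519"}
SHA1_ALGORITHMS = {5, 7}

# Two validator policies: accept everything in the registry subset above,
# or treat the SHA-1 based algorithms as unsupported (MUST NOT).
LENIENT = set(ALGORITHMS)
SHA1_MUST_NOT = set(ALGORITHMS) - SHA1_ALGORITHMS

# Constructed records (presentation format). The parent publishes DS
# records for algorithm 8 and algorithm 7, so a conforming signer must
# sign every RRset with both; the response below carries only the
# algorithm-7 RRSIG. Digests and signature bytes are placeholders.
DS_RRSET = [
    "example. 3600 IN DS 12345 8 2 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
    "example. 3600 IN DS 54321 7 2 ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100",
]
RESPONSE_RRSIGS = [
    "www.example. 3600 IN RRSIG A 7 2 3600 20220901000000 20220801000000 54321 example. UExBQ0VIT0xERVI=",
]


def ds_algorithms(ds_rrset):
    """Algorithm field of each DS record: owner ttl class DS keytag alg digesttype digest."""
    return {int(line.split()[5]) for line in ds_rrset}


def rrsig_algorithms(rrsigs):
    """Algorithm field of each RRSIG: owner ttl class RRSIG typecovered alg labels ..."""
    return {int(line.split()[5]) for line in rrsigs}


def validate(ds_rrset, rrsigs, supported):
    """Return 'secure', 'insecure' or 'bogus' for one RRset under a policy."""
    usable = ds_algorithms(ds_rrset) & supported
    if not usable:
        return "insecure"   # no supported algorithm in the DS set: zone is unsigned to us
    if usable & rrsig_algorithms(rrsigs):
        return "secure"     # RFC 6840 5.11: one valid path through a supported algorithm suffices
    return "bogus"          # supported algorithms are advertised, but none of them signed this RRset


if __name__ == "__main__":
    for name, policy in (("lenient", LENIENT), ("SHA-1 MUST NOT", SHA1_MUST_NOT)):
        print(f"{name:15s} DS{{7,8}}, RRSIG alg 7 only -> {validate(DS_RRSET, RESPONSE_RRSIGS, policy)}")
    print(f"{'SHA-1 MUST NOT':15s} DS{{7}},   RRSIG alg 7 only -> {validate(DS_RRSET[1:], RESPONSE_RRSIGS, SHA1_MUST_NOT)}")
```

Under the lenient policy the response is accepted on the strength of the algorithm-7 signature alone; once SHA-1 algorithms are unsupported, the same response is bogus because the advertised algorithm-8 path is missing, and a zone published under algorithm 7 alone falls back to insecure rather than secure.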