IETF Logo Mail Archive

Re: [dnsext] DNSSEC, robustness, and several DS records

Matt McCutchen <matt@mattmccutchen.net> Fri, 13 May 2011 01:48 UTC

Return-Path: <matt@mattmccutchen.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A4FBE065A for <dnsext@ietfa.amsl.com>; Thu, 12 May 2011 18:48:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MjZP7P7ezLSY for <dnsext@ietfa.amsl.com>; Thu, 12 May 2011 18:48:18 -0700 (PDT)
Received: from homiemail-a38.g.dreamhost.com (caiajhbdcagg.dreamhost.com [208.97.132.66]) by ietfa.amsl.com (Postfix) with ESMTP id 306D2E0593 for <dnsext@ietf.org>; Thu, 12 May 2011 18:48:17 -0700 (PDT)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id B661E10AFAB; Thu, 12 May 2011 18:48:17 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=Dge/znttSI8phjfhjZrWPTALCJjBP9sg9BE4WLpkUEy QW7jUJLIAIvTROJ9z04iqrDg0DBeKBvSD+zh3II6FnobuhiwZLoOUHxdO1mmxnWu 6zpjHsj1Tpzc34YLjrl8P8oZtd8GfgPIjGZCsztfdAAwEhLhbUVDIB9goO1co7h0 =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=5/aYnClAfac9HAQUdG8+vSA5Ezk=; b=tbl+3PbghO iqsjCJP1pB4sEITvByoi6OSzRjAB3ESMbL9BBCKo/IdjfXkRph/xqHzMt1+363iR YFS7SXArVmVaLAqiVbwbQK7ZyGFt5KfH+mhluBjin21jYyAZeqS/6OnwYt8Xfr9/ 09k5UNcy2ZKGqyVCArlbWd17R3z3S1XCI=
Received: from [129.2.249.209] (ml2.student.umd.edu [129.2.249.209]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 504A910AFA5; Thu, 12 May 2011 18:48:17 -0700 (PDT)
From: Matt McCutchen <matt@mattmccutchen.net>
To: Doug Barton <dougb@dougbarton.us>
In-Reply-To: <4DCC2F7C.9020100@dougbarton.us>
References: <201105112250.p4BMoQZk020211@givry.fdupont.fr> <4DCB2E3F.4030701@dougbarton.us> <20110512015806.209E0EAF182@drugs.dv.isc.org> <4DCB4421.5020306@dougbarton.us> <1305174244.2793.8.camel@localhost> <20110512075546.GA17883@nic.fr> <4DCB9855.7020805@nlnetlabs.nl> <alpine.LSU.2.00.1105121524400.19348@hermes-2.csi.cam.ac.uk> <4DCC2F7C.9020100@dougbarton.us>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 12 May 2011 21:48:15 -0400
Message-ID: <1305251295.4426.17.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Cc: dnsext@ietf.org
Subject: Re: [dnsext] DNSSEC, robustness, and several DS records
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2011 01:48:22 -0000

On Thu, 2011-05-12 at 12:05 -0700, Doug Barton wrote:
> [...] So if both work, 
> sure, disregard SHA-1. Otherwise, go with what works.

While you have defended your position amply, in your description you
continue to gloss over the issue.  The resolver does not know whether
the SHA-256 DS is "working" (it has no way to distinguish a
"non-working" SHA-256 DS from malicious replacement of the DNSKEY), so
what you literally stated above is unimplementable.  What I believe you
are really proposing, to honor the SHA-1 DS if the SHA-256 DS does not
match /for any reason/, is only as secure as the second preimage
resistance of SHA-1.

I just wanted to make sure this is clear in everyone's mind.

-- 
Matt

v2.23.0 | Report a Bug | By Email