Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec3-guidance-02.txt

Viktor Dukhovni <> Sat, 27 November 2021 06:13 UTC

On Fri, Nov 26, 2021 at 12:32:19PM +0100, Petr Špaček wrote:

> Also, when we are theorizing, we can also consider that resalting
> thwarts simple correlation: after a resalt, an attacker cannot tell if a
> set of names has changed or not.  With a constant salt, an attacker can
> detect new and removed names by their hash.  (I'm not sure it is useful
> information without cracking the hashes.)

Actually, no.  If one has previously been mostly successful at cracking
extant names in a zone, rehashing a small set (much smaller than the
full dictionary one uses) of known names is rather quick.  So old names
can be quickly identified even after a salt change, leaving just the
hashes of new names.

Mind you, for cracking the new names, one would still rehash the entire
dictionary when the salt changes; the number of new names to check is
not a scaling factor in the cost.  Just a table join.

So periodic resalting does raise the cost of ongoing tracking of a
zone's content, if that's the sort of thing one cares enough about.
Rarely worth it, but mostly harmless if the salt is not too long and
rotated, say, on each ZSK rollover.
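The cost argument above (rehash the known set after a resalt and join; only genuinely new names need the full dictionary pass) can be made concrete. The following is an added illustration written for this archive page, not code from the thread, the draft, or any DNS implementation. It implements the NSEC3 owner-name hash exactly as RFC 5155 section 5 defines it (iterated SHA-1 over the lowercase wire-format name plus salt, base32hex output) and then counts hash operations for the two steps Viktor describes. The zone names, salts, the small "dictionary" and the "previously cracked" set are constructed for the demonstration; the `publish`, `classify_after_resalt` and `dictionary_join` helpers are hypothetical names, not an API of any resolver or signer.

```python
import base64
import hashlib

# RFC 5155 section 5:
#   IH(salt, x, 0) = H(x || salt)
#   IH(salt, x, k) = H(IH(salt, x, k-1) || salt)
# where x is the owner name in canonical (lowercase) wire format and
# H is SHA-1 (hash algorithm 1, the only one defined).
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                        "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Presentation-format name -> lowercase DNS wire format (RFC 4034 canonical form)."""
    stripped = name.rstrip(".").lower()
    out = bytearray()
    for label in (stripped.split(".") if stripped else []):
        raw = label.encode("ascii")
        out.append(len(raw))
        out += raw
    out.append(0)          # root label terminator
    return bytes(out)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """NSEC3 hash of an owner name as the lowercase base32hex string used in the zone."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # A 20-byte SHA-1 digest is exactly 32 base32 characters, no padding.
    return base64.b32encode(digest).decode("ascii").translate(_B32HEX).lower()


def publish(names, salt: bytes, iterations: int) -> set:
    """What an observer of the NSEC3 chain sees: hashed owner names only (hypothetical helper)."""
    return {nsec3_hash(n, salt, iterations) for n in names}


def classify_after_resalt(published: set, known_names, salt: bytes, iterations: int):
    """Rehash only the already-known names under the new salt and join against the chain.

    Returns (identified {hash: name}, still-unidentified hashes, hash operations spent).
    The cost is len(known_names), independent of dictionary size.
    """
    table = {nsec3_hash(n, salt, iterations): n for n in known_names}
    identified = {h: table[h] for h in published if h in table}
    unidentified = published - identified.keys()
    return identified, unidentified, len(known_names)


def dictionary_join(unidentified: set, dictionary, salt: bytes, iterations: int):
    """Full dictionary pass for the remaining hashes; cost is len(dictionary)
    whatever len(unidentified) is, then a table join."""
    table = {nsec3_hash(w, salt, iterations): w for w in dictionary}
    found = {h: table[h] for h in unidentified if h in table}
    return found, len(dictionary)


def scenario():
    """Constructed walkthrough of the cost model; all names, salts and counts are made up."""
    iterations = 0                                   # the draft's recommended count
    old_salt, new_salt = bytes.fromhex("aabbccdd"), bytes.fromhex("01234567")
    old_names = ["example.", "ns1.example.", "www.example.", "mail.example."]
    known = ["example.", "ns1.example.", "www.example."]      # cracked under old_salt
    new_zone = old_names + ["git.example."]                  # one name added at resalt
    dictionary = [f"{w}.example." for w in
                  ("www", "mail", "git", "ns1", "ns2", "ftp", "vpn", "imap")]

    chain = publish(new_zone, new_salt, iterations)
    identified, leftover, cheap_ops = classify_after_resalt(chain, known, new_salt, iterations)
    found, full_ops = dictionary_join(leftover, dictionary, new_salt, iterations)
    return {
        "published": len(chain),
        "identified": sorted(identified.values()),
        "unidentified": len(leftover),
        "known_rehash_ops": cheap_ops,      # == len(known), not len(dictionary)
        "new_found": sorted(found.values()),
        "dictionary_ops": full_ops,         # == len(dictionary), not len(leftover)
        "old_hash_reused": bool(publish(old_names, old_salt, iterations) & chain),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Run stand-alone, it prints that three of the five published hashes are re-identified with only three hash operations, and that the remaining two (the uncracked old name and the new one) cost one full dictionary pass regardless of how many there were; no hash from the old salt survives the resalt, which is the only thing Petr's correlation point gains.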