Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

[Roy Arends <roy@dnss.ec>]

On Feb 22, 2010, at 11:12 AM, Evan Hunt wrote:

>> Using NSEC instead of NSEC3 because you fear SHA1 collisions does not
>> seem sensible, as if you fear SHA1 collisions, you have other more
>> significant problems with DNSSEC to worry about, and thus this is
>> not, in my opinion, reasonable. And it isn't sensible to suggest
>> users worry about it. If we are going to mention it, it should be
>> in security considerations, saying NSEC3 is dependent upon certain
>> properties of its hash algorithm (I forget now whether it is
>> collision resistance, pre-image resistance or or what), but this
>> should also point out the whole of DNSSEC is predicated on similar
>> qualities.
> 
> +1 except for the "if".  It is mathematically possible for collisions to
> occur with one approach and not the other, and it would be irresponsible
> not to make note of the fact, even if we agree that the chances of this
> occurring in nature are negligible.

This is absurd. If we're going to do this, I'd like the security considerations to reflect all of the non-zero probabilities of errors occuring (those that have a higher probability). This includes software-bugs, hardware-bugs, probability of advances in factorization, randomness of PRNG for DNSKEYs, faulty calibration/low granularity of equipment measuring the transition between the two hyperfine levels of the ground state of the caesium 133 atom. Gravitational Sphere of Influence of the 99942 Apophis on the Gravitational orbit of GPS satelites (Still having a higher probability than hash-collisions ;-)), Drunk Sysadmins, Rouge Registrar, etc, etc.

I'm sure that it will be a very large section.

Roy