IETF Logo Mail Archive

Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.

Florian Weimer <fweimer@bfk.de> Tue, 23 February 2010 07:18 UTC

Return-Path: <fweimer@bfk.de>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7708D28C4B6 for <dnsop@core3.amsl.com>; Mon, 22 Feb 2010 23:18:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.424
X-Spam-Level:
X-Spam-Status: No, score=-4.424 tagged_above=-999 required=5 tests=[AWL=-2.175, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJWtg8CpjP0S for <dnsop@core3.amsl.com>; Mon, 22 Feb 2010 23:18:25 -0800 (PST)
Received: from mx01.bfk.de (mx01.bfk.de [193.227.124.2]) by core3.amsl.com (Postfix) with ESMTP id E077828C245 for <dnsop@ietf.org>; Mon, 22 Feb 2010 23:18:23 -0800 (PST)
Received: from mx00.int.bfk.de ([10.119.110.2]) by mx01.bfk.de with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) id 1Njp42-0004NB-FZ; Tue, 23 Feb 2010 07:20:14 +0000
Received: by bfk.de with local id 1Njp44-0000a5-PH; Tue, 23 Feb 2010 07:20:16 +0000
To: Olaf Kolkman <olaf@NLnetLabs.nl>
References: <200904282021.n3SKL3sg051528@givry.fdupont.fr> <59A58419-FDBD-4810-B2FA-0D293FFA00A5@NLnetLabs.nl> <alpine.LFD.1.10.1001211245180.12114@newtla.xelerance.com> <1AEAE091-2EB3-41DC-A51B-8DD49C10FAD5@NLnetLabs.nl> <24C8A8E2A81760E31D4CDE4A@Ximines.local> <8E6C64ED-A336-4E8B-996F-9FB471EB07C6@NLnetLabs.nl>
From: Florian Weimer <fweimer@bfk.de>
Date: Tue, 23 Feb 2010 07:20:16 +0000
In-Reply-To: <8E6C64ED-A336-4E8B-996F-9FB471EB07C6@NLnetLabs.nl> (Olaf Kolkman's message of "Wed\, 17 Feb 2010 15\:12\:08 +0100")
Message-ID: <823a0s4dvz.fsf@mid.bfk.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dnsop WG <dnsop@ietf.org>, Alex Bligh <alex@alex.org.uk>
Subject: Re: [DNSOP] rfc4641bis: NSEC vs NSEC3.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2010 07:18:26 -0000

* Olaf Kolkman:

> 5.3.3.  NSEC3 Salt
>
>    The salt with NSEC3 is not used to increase the work required by an
>    attacker attacking multiple domains, but as a method to enable
>    creating a new set of hash values if at some point that might be
>    required.  The salt is used as a "roll over".  The FQDN RRlabel,
>    which is part of the value that is hashed, already ensures that brute
>    force work for one RRlabel can not be re-used to attack other RRlabel
>    due to their uniquenes.
>
>    Key rollovers limit the amount of time attackers can spend on
>    attacking a certain key before it is retired.  The salt serves the
>    same purpose for the hashes, which are independant of the key being
>
>
>
> Kolkman & Gieben        Expires September 8, 2009              [Page 33]
> Internet-Draft   DNSSEC Operational Practices, Version 2      March 2009
>
>
>    used, and therefor do not change when rolling over a key.  Changing
>    the salt would cause an attacker to lose all precalculated work for
>    that zone.
>
>    The salt of all NSEC3 records in a zone needs to be the same.  Since
>    changing the salt requires the NSEC3 records to be regenerated, and
>    thus requires generating new RRSIG's over these NSEC3 records, it is
>    recommended to only change the salt when changing the Zone Signing
>    Key, as that process in itself already requires all RRSIG's to be
>    regenerated.

"However, unlike Zone Signing Key changes, NSEC3 salt changes do not
need special rollover procedures.  It is possible to change the salt
each time the zone is updated."

(Assuming that this is true, which I think it is.)

Perhaps the following is helpful as well?

5.3.5 Response size considerations

NSEC3 records are larger than NSEC records because of the embedded
hashes.  However, NSEC records are sometimes returned in response to
DO=0 queries, pushing the response over the 512 byte limit and causing
TCP fallback (or worse).  This does not happen with NSEC3 records
because their owner name does not normally match the queried name.
Therefore, NSEC3 records provide better insulation of child zones from
the DNSSEC deployment in the parent zone.

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

v2.23.0 | Report a Bug | By Email