Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Stephane Bortzmeyer <> Wed, 02 April 2014 13:48 UTC

Date: Wed, 2 Apr 2014 15:47:24 +0200
From: Stephane Bortzmeyer <>
To: Olafur Gudmundsson <>
Message-ID: <>
References: <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
X-Operating-System: Debian GNU/Linux jessie/sid
X-Kernel: Linux 3.13-1-686-pae i686
Organization: NIC France
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>

On Tue, Apr 01, 2014 at 10:37:54PM -0400,
 Olafur Gudmundsson <> wrote 
 a message of 158 lines which said:

> Furthermore using larger keys than your parents is non-sensical as
> that moves the cheap point of key cracking attack.

Mostly true, but still too strong a statement, in my opinion. This is
because, if you are an attacker and managed to crack a key somewhere
between the root (inclusive) and your real target, the higher you are
in the tree, the more things you have to emulate or simulate below. If
you are after, and you cracked the root key, you need to
either create a false DS for .com (and then the resolver will croak on
most .com responses, detecting there is something wrong) or a false
NSEC proving that .com is not signed (but the fact that .com is signed
is rapidly cached in validating resolvers).

So, yes, basically, you are right: since DNSSEC is tree-based, the
security of the weakest node is what matters. But, in practice,
exploiting a cracked key higher in the tree is a bit more difficult
than it seems.
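The two attacker options described in the message (forge a DS for .com, or forge an NSEC claiming .com is unsigned) and the effect of resolver caching, as an added toy model. This is illustrative code written for this archive page, not anything from the thread's author or from a real validator: records are tuples, a "signature" is just the tag of the key that produced it (only the holder of a Key object can call sign()), DNSKEY lookups are folded into the DS step, and the zone names, keys and IP addresses are constructed for the example.

```python
"""Toy model of a DNSSEC chain of trust: what an attacker holding a cracked
root key can and cannot do against a validating resolver.  Constructed
illustration only: records are tuples and 'signatures' merely name the key
that produced them, so this is neither wire format nor real cryptography."""
from __future__ import annotations

from dataclasses import dataclass, field
import hashlib
import os


@dataclass(frozen=True)
class Key:
    """A zone signing key. Only the holder of a Key object can call sign()."""
    owner: str
    secret: bytes = field(default_factory=lambda: os.urandom(16), repr=False)

    @property
    def tag(self) -> str:
        # Stands in for the key tag / DS digest a parent publishes for a child.
        return hashlib.sha256(self.secret).hexdigest()[:8]


@dataclass(frozen=True)
class Record:
    data: tuple            # ("DS", zone, child_tag), ("NODS", zone) or ("A", name, ip)
    signer: str | None     # tag of the key that produced the RRSIG, None if unsigned


def sign(key: Key, *data) -> Record:
    return Record(tuple(data), key.tag)


class Resolver:
    """Validates top-down from a root trust anchor and caches, per zone, the
    validated DS (child key tag) or the proven absence of a DS (None)."""

    def __init__(self, root_tag: str):
        self.anchor = root_tag
        self.ds_cache: dict[str, str | None] = {}

    def validate(self, zones: list[str], answer: Record, net: dict) -> str:
        trusted = self.anchor
        for zone in zones:
            if zone not in self.ds_cache:          # cached DS wins over fresh responses
                rec = net[("DS", zone)]
                kind, rec_zone, *rest = rec.data
                if rec.signer != trusted or rec_zone != zone:
                    return "BOGUS"                  # DS/NSEC not signed by the parent's key
                if kind == "DS":
                    self.ds_cache[zone] = rest[0]   # child key tag
                elif kind == "NODS":
                    self.ds_cache[zone] = None      # NSEC says this child is unsigned
                else:
                    return "BOGUS"
            child = self.ds_cache[zone]
            if child is None:
                return "INSECURE"                   # unsigned subtree: answer taken as-is
            trusted = child
        return "SECURE" if answer.signer == trusted else "BOGUS"


# Constructed zones and keys (RFC 5737 documentation addresses).
ROOT, COM, EXAMPLE = Key("."), Key("com"), Key("example.com")
ZONES = ["com", "example.com"]
REAL_A = sign(EXAMPLE, "A", "www.example.com", "192.0.2.1")


def honest_net() -> dict:
    return {("DS", "com"): sign(ROOT, "DS", "com", COM.tag),
            ("DS", "example.com"): sign(COM, "DS", "example.com", EXAMPLE.tag)}


# Attacker: holds the cracked ROOT key, wants www.example.com -> 203.0.113.66.
FAKE_COM, FAKE_EXAMPLE = Key("attacker com"), Key("attacker example.com")
UNSIGNED_FAKE_A = Record(("A", "www.example.com", "203.0.113.66"), None)


def attack_forged_ds_only() -> str:
    """Forge DS for .com under the cracked root key but leave real .com data
    in place: a genuine .com answer no longer chains to the forged DS."""
    net = honest_net()
    net[("DS", "com")] = sign(ROOT, "DS", "com", FAKE_COM.tag)
    return Resolver(ROOT.tag).validate(ZONES, REAL_A, net)


def attack_forged_ds_emulating_com() -> tuple[str, str]:
    """Same forged DS, but the attacker also emulates everything below .com."""
    net = {("DS", "com"): sign(ROOT, "DS", "com", FAKE_COM.tag),
           ("DS", "example.com"): sign(FAKE_COM, "DS", "example.com", FAKE_EXAMPLE.tag)}
    fake_a = sign(FAKE_EXAMPLE, "A", "www.example.com", "203.0.113.66")
    return Resolver(ROOT.tag).validate(ZONES, fake_a, net), fake_a.data[2]


def attack_forged_nsec(resolver_warm: bool) -> str:
    """Forge an NSEC (signed with the cracked root key) claiming .com has no
    DS, against a cold resolver or one that already validated the real DS."""
    resolver = Resolver(ROOT.tag)
    if resolver_warm:
        resolver.validate(ZONES, REAL_A, honest_net())   # real DS for .com now cached
    net = honest_net()
    net[("DS", "com")] = sign(ROOT, "NODS", "com")
    return resolver.validate(ZONES, UNSIGNED_FAKE_A, net)
```

Running the four scenarios shows the asymmetry the message describes: the forged-DS attack only works when the attacker also answers for all of .com (otherwise genuine .com responses come back BOGUS), and the forged-NSEC attack only works against a cold resolver, because once the real DS for .com is cached the forged denial is never consulted.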