Dean Anderson wrote:

> [Note: increasing key size has
> a corresponding impact on the crypto-overload DOS attack that I
> (Anderson) previously described, and also makes worse the forged query
> DDOS attack that I described.]

It should be noted that a new factoring algorithm may make even 64KB keys crackable. Elliptic cryptography, which is less seriously attacked, is even less secure.

> On Ohta-san's second point: If the zone is compromised, (which means the
> attacker has obtained the private key), then the attacker can construct
> new signatures at will, and being a MitM, can inject these responses at
> will, also.

A compromised zone almost automatically means compromised authoritative servers.

Masataka Ohta