On Aug 26, 2008, at 1:06 PM, Dean Anderson wrote:
> How could their testing and analysis be considered 'thorough' or
> credible when they didn't find the very serious flaws just recently
> identified on this list?
To summarize, the two "flaws" to which you refer are:

(1) there is no cryptographic defense against an attack where the attacker convinces the target that a zone that does not exist at all does exist.

(2) replay attacks are possible during the lifetimes of zone signatures, which would either convince the target that a zone that has been removed still exists, or that a zone that has been added does not exist.

These are both known limitations that are explicitly mentioned in the protocol document, not oversights on the part of the protocol developers which have just been discovered by you.

If you had a problem with (1), you should have raised this back when the working group made this change. At the time it seemed like a bad idea to me, but there were good reasons for doing it; what this limitation means is that your delegations are not signed for free - if you want any security at all out of DNSSEC, you must sign your zone.

I don't see any way around (2), but would be interested in hearing any proposals you have. Replay attacks are a problem in protocols with long-lived signatures, and this is one variable to take into account when choosing a zone signature lifetime.

Also, of course, if I have mischaracterized the limitations to which you refer, I would be interested in being corrected - are there any additional lies that can be told using the second flaw, for example?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
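An added illustration of limitation (2) above, written for this page rather than taken from the thread or any DNSSEC implementation: a toy validator that models only the RRSIG validity-window check, with an HMAC standing in for the zone's real signature algorithm. It shows why a replayed denial-of-existence record keeps validating after the zone changes, and how the signature lifetime bounds that exposure. All names, keys and timestamps are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

DAY = 86400


@dataclass(frozen=True)
class Rrsig:
    """Minimal stand-in for an RRSIG RR: what is covered plus the validity window."""
    owner: str          # owner name of the covered RRset
    type_covered: str   # "NSEC" here: an authenticated denial of existence
    inception: int      # seconds since epoch
    expiration: int
    signature: bytes


def canonical(owner, type_covered, rdata, inception, expiration):
    """Bytes under signature; the window is signed, so it cannot be altered."""
    return f"{owner}|{type_covered}|{rdata}|{inception}|{expiration}".encode()


def sign(key, owner, type_covered, rdata, inception, lifetime):
    expiration = inception + lifetime
    mac = hmac.new(key, canonical(owner, type_covered, rdata, inception, expiration), hashlib.sha256)
    return Rrsig(owner, type_covered, inception, expiration, mac.digest())


def validate(key, rrsig, rdata, now):
    """A validator accepts an RRset if the signature verifies and now lies inside
    [inception, expiration]. It has no other way to tell that the RRset is stale."""
    if not rrsig.inception <= now <= rrsig.expiration:
        return False
    expected = hmac.new(key, canonical(rrsig.owner, rrsig.type_covered, rdata,
                                       rrsig.inception, rrsig.expiration), hashlib.sha256).digest()
    return hmac.compare_digest(expected, rrsig.signature)


def stale_acceptance_window(rrsig, change_time):
    """Seconds after a zone change during which the old signed record still validates."""
    return max(0, rrsig.expiration - change_time)


def replay_scenario(lifetime):
    key = b"constructed-zone-key"       # stands in for the zone's private/public key pair
    t0 = 1_700_000_000                  # constructed signing time
    nsec_old = "c.example. A RRSIG NSEC"  # NSEC at a.example.: nothing between a. and c.
    sig_old = sign(key, "a.example.", "NSEC", nsec_old, t0, lifetime)
    change = t0 + 5 * DAY               # b.example. is added and the zone is re-signed
    later = t0 + 10 * DAY               # a validator is offered the old NSEC again
    return {
        "stale_valid_after_change": validate(key, sig_old, nsec_old, later),
        "stale_valid_after_expiry": validate(key, sig_old, nsec_old, sig_old.expiration + 1),
        "exposure_days": stale_acceptance_window(sig_old, change) // DAY,
    }
```

With a 30-day lifetime the stale denial is still accepted 10 days after signing (25 days of exposure after the change); with a 7-day lifetime it has already expired, leaving 2 days of exposure.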