----- Original Message -----
From: "W.C.A. Wijngaards" <wou...@nlnetlabs.nl>
To: <dnsop@ietf.org>
Sent: Thursday, June 24, 2010 11:38 AM
Subject: Re: [DNSOP] That key size argument...was Re: The case for single active key

> Hi George,
>
> On 06/24/2010 11:59 AM, George Barwood wrote:
>> It could also note that validators SHOULD NOT check the RRSIG for a DNSKEY
>> RRset where all the keys are validated by DS records.
>
> This is not possible, and Casey thought similarly, so here is text: The
> RRSIG from a DNSKEY identified by a DS record must validate. You must
> do this to ensure that you have obtained all DNSKEY RRs. And thus know
> all of the algorithms in use. And thus know which algorithms MUST have
> signatures over the zone content. This is from RFC4035.

Ok, I see your point.

However, counter-examples seem to depend on having multiple keys for the same algorithm, e.g. zone signing is with 1024-bit RSA and GOST. There are DS records for the 2048-bit RSA and 1024-bit RSA, but no DS for GOST. Here there is a downgrade attack where the attacker chops the GOST key.

So maybe the optimisation can still be done under the additional condition that there is only 1 key for each algorithm. Can you see a problem with that?

George

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
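An added illustration of the RFC 4035 point Wouter makes above, not code from the thread: a toy validator models the zone George describes (two RSA keys covered by DS, one GOST key without DS) and shows what a resolver concludes about the required algorithms when the RRSIG over the DNSKEY RRset is checked versus skipped. The HMAC stands in for a real RRSIG and the SHA-256 of the key fields stands in for a DS digest; key material, names and the `check_rrsig` switch are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKEY:
    alg: str       # algorithm mnemonic (RFC 4034 registry names)
    bits: int
    secret: bytes  # constructed stand-in for the key pair


def key_tag(key: DNSKEY) -> str:
    # Stand-in for the DS digest: a hash over the key's fields.
    return hashlib.sha256(f"{key.alg}/{key.bits}/".encode() + key.secret).hexdigest()


def canonical(rrset) -> bytes:
    # Canonical form of the DNSKEY RRset, independent of record order.
    return b"|".join(sorted(key_tag(k).encode() for k in rrset))


def sign_rrset(key: DNSKEY, rrset):
    # Stand-in RRSIG(DNSKEY): (signer key tag, MAC over the whole RRset).
    return key_tag(key), hmac.new(key.secret, canonical(rrset), "sha256").hexdigest()


def validate_dnskey_rrset(ds_set, rrset, rrsigs, check_rrsig=True):
    """Return the sorted algorithms the validator will require zone signatures
    for, or None if the DNSKEY RRset does not validate.
    check_rrsig=False models the proposed optimisation: skip the RRSIG when
    the keys present are all covered by DS records."""
    trusted = [k for k in rrset if key_tag(k) in ds_set]
    if not trusted:
        return None
    if check_rrsig:
        # RFC 4035: an RRSIG by a DS-identified key must validate over the RRset.
        ok = any(tag == key_tag(k) and hmac.compare_digest(sig, sign_rrset(k, rrset)[1])
                 for k in trusted for tag, sig in rrsigs)
        if not ok:
            return None
    return sorted({k.alg for k in rrset})


def demo():
    ksk = DNSKEY("RSASHA256", 2048, b"constructed-ksk")
    zsk_rsa = DNSKEY("RSASHA256", 1024, b"constructed-zsk-rsa")
    zsk_gost = DNSKEY("ECC-GOST", 512, b"constructed-zsk-gost")
    published = [ksk, zsk_rsa, zsk_gost]
    ds_set = {key_tag(ksk), key_tag(zsk_rsa)}   # no DS for the GOST key
    rrsigs = [sign_rrset(ksk, published)]       # signed over the full RRset
    stripped = [ksk, zsk_rsa]                   # GOST key removed in transit
    return {
        "honest": validate_dnskey_rrset(ds_set, published, rrsigs),
        "stripped_with_rrsig_check": validate_dnskey_rrset(ds_set, stripped, rrsigs),
        "stripped_with_optimisation": validate_dnskey_rrset(ds_set, stripped, rrsigs, False),
    }
```

With the RRSIG checked, the stripped RRset fails outright; with it skipped, the validator accepts the RRset and no longer knows that GOST signatures must be present over the zone content.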