On 11/09/2010 02:33 AM, Roy Arends wrote:
4.2.1 KSK Compromise (2nd paragraph)
A compromised KSK used by an attacker can also sign data in the zone other than 
the key set. An attacker does not need to follow the definitions of KSK vs ZSK.

I wonder how different implementations handle this case......

I have tested chains of trust (with BIND9 and unbound) in the past and noticed 
that their validity did not depend on the SEP bit being clear or set.


If they did, they would not follow the spec ;)

A SEP key can be a ZSK too. The only value of the SEP flag is for operators and/or tools, validators should ignore it.

Whether or not a key is a ZSK, a KSK, or both, is, from the validator's point of view, defined by whichever signatures you see. So yes, if you can make arbitrary signatures with a compromised key, you can 'change' its KSK/ZSK status, and no validator should be able to notice. But well, you can make arbitrary signatures anyway...

Jelte
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
