Robert Edmonds wrote:
> ...
>
> I am also curious why a cryptographic hash function (SHA-1) is needed
> for this. Is a fast non-cryptographic checksum not suitable (e.g.,
> CRC-32C, which can be computed in hardware on x86 CPUs)?
in currently theorized attacks, the udp checksum is fooled by altering two parts of a fragment: first, alter the part you want to use to inject poison into a cache. second, alter something else to fix up the checksum based on the first alteration. if CRC-32C is immune to that attack, i haven't heard, but i'd believe.

> Also, there is a long deployment tail for new EDNS options. If it's
> urgent to deploy a countermeasure against off-path fragment spoofing,
> why not something like Unbound's "referral path hardening", or
> advertising a smaller EDNS buffer size which is much less likely to
> result in fragmentation? (E.g., I believe OpenDNS advertises a ~1.4
> Kbyte EDNS buffer size.) Those countermeasures can be deployed
> unilaterally by the resolver, and on a shorter time scale than a new
> EDNS option.
>

those things should also be done in the short term. but it's the internet. it'll outlive us all. we ought to have a long term plan as well.

--
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
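An added illustration of the checksum point above (example code written for this page, not from the thread or from any DNS implementation): the UDP checksum is a ones'-complement sum of 16-bit words, so a change to one word can be absorbed by an opposite change to another word and the checksum still verifies, whereas a SHA-1 digest of the same bytes changes. The record bytes are constructed (192.0.2.0/24 is the TEST-NET-1 documentation range). CRC-32C is linear over GF(2) rather than additive, so the same two-word trick does not apply verbatim, but a compensating patch exists for it as well; only a cryptographic hash (or a keyed MAC) makes the fix-up infeasible.

```python
"""Added example: a two-word edit that preserves the RFC 1071 Internet checksum
(as used by UDP) but not SHA-1.  Sample record bytes are constructed."""
import hashlib
import struct


def ones_complement_add(a: int, b: int) -> int:
    """16-bit ones'-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complement of the folded 16-bit ones'-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total = ones_complement_add(total, word)
    return (~total) & 0xFFFF


def checksum_preserving_edit(data: bytes, i: int, new_word: int, j: int) -> bytes:
    """Replace 16-bit word i with new_word, then adjust word j so the
    ones'-complement sum, and therefore internet_checksum(), is unchanged."""
    words = [w for (w,) in struct.iter_unpack("!H", data)]
    delta = ones_complement_add(new_word, ~words[i] & 0xFFFF)  # new - old
    words[i] = new_word
    words[j] = ones_complement_add(words[j], ~delta & 0xFFFF)  # old_j - delta
    return struct.pack("!%dH" % len(words), *words)


# Constructed A record: owner pointer, type A, class IN, TTL 3600, rdlength 4, 192.0.2.1
ORIGINAL = bytes.fromhex("c00c 0001 0001 0000 0e10 0004 c000 0201")
# Word 7 (last two address bytes) is changed; word 4 (low TTL word) absorbs the delta.
ALTERED = checksum_preserving_edit(ORIGINAL, 7, 0x0202, 4)


def same_checksum(a: bytes, b: bytes) -> bool:
    return internet_checksum(a) == internet_checksum(b)


def same_sha1(a: bytes, b: bytes) -> bool:
    return hashlib.sha1(a).digest() == hashlib.sha1(b).digest()


if __name__ == "__main__":
    print("checksum %04x -> %04x" % (internet_checksum(ORIGINAL), internet_checksum(ALTERED)))
    print("same checksum:", same_checksum(ORIGINAL, ALTERED))  # True
    print("same SHA-1:   ", same_sha1(ORIGINAL, ALTERED))      # False
```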