On 5 Jan 2017, at 11:27, Matthäus Wander wrote:
* Paul Hoffman [2017-01-05 18:05]:
NSEC3 lies work today, but people worry that, with NSEC3 lies, a server
compromise might also compromise the ZSK.
NSEC3 lies can also be created with pre-computing, but at a cost of
greatly increasing the size of the zone.
NSEC/NSEC3 lies prevent enumeration effectively when they're minimally
covering because it's infeasible to ever collect such a chain.
Sure.
A pre-computed chain does not provide the same benefit. It increases the
enumeration cost in terms of network queries (CPU time is of less
importance here because the collection process is network-bound except
for the very last few NSEC3 records). Enumeration remains feasible with
pre-computed chains unless you re-salt and re-sign the zone at an
interval shorter than the duration needed to send one query for each
NSEC3 record in the zone.
Doesn't that last sentence assume that the attacker has a complete
dictionary of possible values in the zone?
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
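The enumeration argument in the exchange above, worked through as an added example (this is not code from the thread or from either participant). It hashes owner names per RFC 5155 (iterated SHA-1 over the wire-format name plus salt, base32hex presentation), then models one authoritative server in two modes: answering NXDOMAIN from a pre-computed NSEC3 chain, and answering with minimally covering "white lie" records. A simple chain walker is run against both, followed by the offline dictionary phase. The zone names, the wordlist, the query budget and the timing figures are all constructed here; the salt and iteration count match the parameters used in RFC 5155 Appendix A so the hash of the apex can be checked against that appendix.

```python
"""NSEC3 chain walking: pre-computed chain versus minimally covering answers.

Added example, not code from the DNSOP thread. Zone contents, wordlist and query
budget are constructed; hashing follows RFC 5155 section 5.
"""
import base64
import bisect
import hashlib
import secrets

RING = 1 << 160                       # SHA-1 output space; hashes live on this ring
B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                         b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Constructed zone; the label "k7x2q4" is deliberately absent from WORDLIST.
ORIGIN = "example."
NAMES = [ORIGIN] + [f"{h}.{ORIGIN}" for h in ("www", "mail", "ns1", "vpn", "dev", "k7x2q4")]
SALT, ITERATIONS = bytes.fromhex("aabbccdd"), 12   # parameters of RFC 5155 Appendix A
WORDLIST = ["www", "mail", "ftp", "ns1", "ns2", "vpn", "dev", "admin", "intranet"]


def wire_name(name):
    """Canonical wire form: lowercase, length-prefixed labels, terminating root label."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt=SALT, iterations=ITERATIONS):
    """H(x) = SHA-1(x || salt), iterated `iterations` further times; returned as an int."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return int.from_bytes(digest, "big")


def to_b32hex(h):
    """Presentation form of an NSEC3 owner label (base32hex, 32 chars, lowercase)."""
    return base64.b32encode(h.to_bytes(20, "big")).translate(B32HEX).decode().lower()


class Nsec3Zone:
    """Authoritative server: proves a name absent with one covering NSEC3 record."""

    def __init__(self, names, white_lies=False):
        self.white_lies = white_lies
        self.hashes = sorted(nsec3_hash(n) for n in names)   # the pre-computed chain

    def query(self, qname):
        """None if qname exists; otherwise the (owner, next) hash pair covering it."""
        h = nsec3_hash(qname)
        if h in self.hashes:
            return None
        if self.white_lies:
            # Online signing: cover only h itself and leak no real neighbour hash.
            return ((h - 1) % RING, (h + 1) % RING)
        i = bisect.bisect_left(self.hashes, h)
        # i == 0 wraps to the last record, whose next pointer is the first hash.
        return (self.hashes[i - 1], self.hashes[i % len(self.hashes)])


def covered(records, h):
    """True when h already lies strictly inside a collected (owner, next) arc."""
    return any(o < h < n if o < n else (h > o or h < n) for o, n in records)


def walk(zone, max_queries):
    """Collect the chain. Returns (records, queries sent, hashes computed locally).

    Choosing a query name that hashes into an uncollected gap is local CPU work;
    only the query itself costs a network round trip.
    """
    records, queries, local = set(), 0, 0
    while queries < max_queries:
        if records and {n for _, n in records} == {o for o, _ in records}:
            break                     # every next pointer is a known owner: chain closed
        qname = secrets.token_hex(6) + "." + ORIGIN
        local += 1
        if covered(records, nsec3_hash(qname)):
            continue                  # would only re-fetch a record we already hold
        queries += 1
        rec = zone.query(qname)
        if rec is not None:
            records.add(rec)
    return records, queries, local


def crack(records, wordlist):
    """Offline phase, the only step that needs a dictionary: owner hash -> name."""
    owners = {o for o, _ in records}
    guesses = [ORIGIN] + [f"{w}.{ORIGIN}" for w in wordlist]
    return {nsec3_hash(g): g for g in guesses if nsec3_hash(g) in owners}


def enumeration_feasible(n_records, seconds_per_query, resalt_interval_s):
    """The thread's criterion: walking succeeds unless the zone is re-salted faster
    than one query per NSEC3 record can be sent, one after another."""
    return n_records * seconds_per_query <= resalt_interval_s


if __name__ == "__main__":
    for lies in (False, True):
        recs, q, local = walk(Nsec3Zone(NAMES, white_lies=lies), max_queries=200)
        print(f"white_lies={lies}: {len(recs)} records, {q} queries, {local} local hashes")
    recs, _, _ = walk(Nsec3Zone(NAMES), max_queries=200)
    names = crack(recs, WORDLIST)
    for o, n in sorted(recs):
        print(f"{to_b32hex(o)} -> {to_b32hex(n)}  {names.get(o, '(not in wordlist)')}")
    print("1M records, 50 ms/query, daily re-salt:", enumeration_feasible(10**6, 0.05, 86400))
```

Against the pre-computed chain the walker stops after exactly one query per NSEC3 record, and the hash collection needs no dictionary at all; the wordlist only matters afterwards, when reversing the collected owner hashes, and the one label not in it stays an opaque hash. Against white lies every answer covers a single point, the collected set never closes into a cycle, and the walk exhausts its budget with nothing learned about the zone. The timing check is deliberately the sequential criterion stated in the thread; an attacker who sends queries in parallel shortens the wall-clock time accordingly, so a re-salt interval tuned to that criterion is a lower bound, not a guarantee.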