On Tue, Jun 19, 2018 at 02:11:02PM -0400, Shumon Huque wrote:
> On Tue, Jun 19, 2018 at 10:32 AM Petr Špaček <petr.spa...@nic.cz> wrote:
> >
> > I think we need to first answer the question of why existing technologies do
> > not fit the purpose.
> >
>
> This is a reasonable question.
>
> I noticed that the draft doesn't mention SIG(0) at all. One of the main
> motivators of the draft is stated to be secure, wide-scale distribution of
> the root zone. To me, SIG(0) would have been an obvious candidate solution
> for this problem. The zone owner can publish one public key to the world,
> and sign zone transfer messages with the corresponding secret key. If the
> zone owner supports IXFR, the incremental cost of these message signatures
> is also quite small.
There also seems to be a scalability problem with SIG(0) in that generating
the signature involves a public-key operation per DNS message. For a zone
transfer of the root zone from F, the AXFR contains 79 messages in the TCP
continuation:

;; XFR size: 22554 records (messages 79, bytes 1335768)

Unfortunately, because the request message's fields are involved in
calculating the signature for the reply message and the ID also varies, it
doesn't appear that the signatures can be re-used. This scalability problem
is probably a reason why TSIG's HMAC has become the preferred method for
transaction security and SIG(0) isn't used to authenticate zone transfers.

Mukund

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
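The following is an added illustration of the point Mukund makes above; it is not code from the thread or from any DNS implementation. It builds toy DNS messages with `struct`, constructs the data a SIG(0) on a response would cover (RFC 2931 section 3.1: the SIG RDATA without its signature field, then the request, then the response, each taken before its own SIG(0) is appended) and shows that the same 79 chunks of zone data sent to two clients whose requests differ only in message ID yield 79 distinct signing inputs each, so no signature can be shared. The asymmetric signing step itself is left out (only the digest a signer would operate on is computed), and the TSIG side is a simplified MAC chain in the shape of RFC 8945 section 5.3.1 with placeholder bytes standing in for the encoded TSIG variables and timers. All message contents, keys and the `AXFR_MESSAGES` constant are constructed for the example.

```python
import hashlib
import hmac
import struct

# Message count of the F-root AXFR quoted in the thread (constructed constant).
AXFR_MESSAGES = 79


def dns_header(msg_id, is_response, qdcount=1, ancount=0):
    """12-byte DNS header (RFC 1035 section 4.1.1); only ID, QR and counts matter here."""
    flags = 0x8000 if is_response else 0x0000  # QR bit set on responses
    return struct.pack("!HHHHHH", msg_id, flags, qdcount, ancount, 0, 0)


def axfr_request(msg_id):
    """Constructed wire message: header plus a placeholder question section."""
    return dns_header(msg_id, False) + b"<root-zone AXFR question>"


def axfr_response(msg_id, rrsets):
    """Constructed response message echoing the request ID and carrying one chunk of the zone."""
    return dns_header(msg_id, True, ancount=1) + rrsets


def sig0_signing_input(sig_rdata_no_signature, request, response):
    """Data covered by a SIG(0) on a response, following RFC 2931 section 3.1:
    SIG RDATA with the signature field omitted | request | response.
    Both messages are taken before their own SIG(0) is appended, so there is
    nothing to strip here."""
    return sig_rdata_no_signature + request + response


def sig0_digest(sig_rdata_no_signature, request, response):
    """Digest an asymmetric signer (RSA/ECDSA/EdDSA) would sign.  The public-key
    operation is deliberately omitted: a different digest already implies a
    different signature, which is all the reuse question needs."""
    data = sig0_signing_input(sig_rdata_no_signature, request, response)
    return hashlib.sha256(data).digest()


def tsig_chain(key, request_mac, responses, tsig_variables, tsig_timers):
    """Simplified TSIG MAC chain over a multi-message response (RFC 8945 section 5.3.1):
    first MAC  = HMAC(key, request MAC | message | TSIG variables)
    later MACs = HMAC(key, prior MAC   | message | TSIG timers)
    One symmetric HMAC per message instead of one public-key signature."""
    macs = []
    prior = request_mac
    for i, msg in enumerate(responses):
        tail = tsig_variables if i == 0 else tsig_timers
        mac = hmac.new(key, prior + msg + tail, hashlib.sha256).digest()
        macs.append(mac)
        prior = mac  # each message is bound to everything sent before it
    return macs


def authenticate_transfer(n_messages=AXFR_MESSAGES):
    """Send the same zone chunks to two clients (requests differ only in ID).
    Returns the per-message SIG(0) digests for each client and the TSIG chain
    for the first client."""
    rrsets = [b"<root zone RRsets chunk %d>" % i for i in range(n_messages)]
    sig_rdata = b"<SIG(0) RDATA: type 0, alg, labels, ttls, key tag, signer>"
    id_a, id_b = 0x1234, 0xABCD
    req_a, req_b = axfr_request(id_a), axfr_request(id_b)
    digests_a = [sig0_digest(sig_rdata, req_a, axfr_response(id_a, r)) for r in rrsets]
    digests_b = [sig0_digest(sig_rdata, req_b, axfr_response(id_b, r)) for r in rrsets]

    key = b"constructed-tsig-key"  # constructed shared secret, not a real key
    variables, timers = b"<tsig variables>", b"<tsig timers>"
    request_mac = hmac.new(key, req_a + variables, hashlib.sha256).digest()
    macs = tsig_chain(key, request_mac, [axfr_response(id_a, r) for r in rrsets], variables, timers)
    return digests_a, digests_b, macs


if __name__ == "__main__":
    a, b, macs = authenticate_transfer()
    print("messages:", len(a), "distinct SIG(0) inputs per client:", len(set(a)))
    print("shared between clients:", len(set(a) & set(b)), "TSIG MACs:", len(macs))
```

Running it reports 79 distinct signing inputs per client and none shared between the two clients: because the request (including its ID) is part of every response's signed data, the server must perform one public-key operation per message per client, whereas the TSIG chain costs one HMAC per message and still detects any altered or reordered message from that point onward.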