On 2 Aug 2018, at 19:50, Paul Wouters wrote:
> On Thu, 2 Aug 2018, Paul Hoffman wrote:
>>> Note that the checksum in this case must be at least as
>>> cryptographically strong as the signature algorithm used
>>> in the individual RRSIGs/DNSKEYs.
>> Not true.
>> If the resolver is validating, the ZONEMD only adds assurance that
>> the non-signed records are there. Thus, the hash algorithm for the
>> zone is unrelated to the hash algorithms in the signatures.
> Then don't cover signed RRsets with ZONEMD. Then this problem goes away,
> and you force implementations to validate all records before putting
> them in the cache.

That only works for validating resolvers. ZONEMD also is useful for
non-validating resolvers.

>> If the resolver is not validating, the ZONEMD assures that all the
>> records are there. The strength of that assurance is the same as the
>> second pre-image strength of the hash. However, the resolver cannot
>> say "oh, look, now I can start resolving with what I got in the zone
>> transfer": it still needs to validate every RRSIG all the way to the
>> root.
> That's not what people are going to do. They are going to grab the
> AXFR'ed data, check the checksum and throw it in the "validated" cache
> and they won't revalidate every root zone entry they are about to
> serve.

A non-validating resolver doesn't have a validated cache.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
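The two points argued in the thread (a zone digest covers the records DNSSEC leaves unsigned, and a matching digest says nothing about whether the RRSIGs are valid) can be shown with a small model. The following is an added illustration, not code from the thread or from any ZONEMD implementation: the sample zone is constructed, an HMAC with a shared key stands in for RRSIG public-key signatures, and the digest is a plain SHA-384 over a text canonical form rather than the real ZONEMD wire-format construction.

```python
"""
Toy model of what a ZONEMD-style zone digest assures and what it does not.
Added example; the RR layout, digest construction and HMAC stand-in for
RRSIGs are simplifications, not the actual ZONEMD or DNSSEC algorithms.
"""
import hashlib
import hmac

# Constructed sample zone: (owner, rrtype, rdata, authoritative).
# The delegation NS at the zone cut and its glue are not authoritative data
# of this zone, so DNSSEC does not sign them; a zone digest still covers them.
SAMPLE_ZONE = [
    ("example.", "SOA", "ns1.example. hostmaster.example. 2018080201 3600 900 604800 300", True),
    ("example.", "NS", "ns1.example.", True),
    ("ns1.example.", "A", "192.0.2.1", True),
    ("www.example.", "A", "192.0.2.10", True),
    ("child.example.", "NS", "ns1.child.example.", False),  # delegation
    ("ns1.child.example.", "A", "192.0.2.53", False),       # glue
]

ZONE_KEY = b"constructed-zone-signing-key"  # stand-in for the zone's private key


def canonical_rrs(zone):
    """Canonical order for the toy: sort by owner, type, rdata (the real
    construction sorts on canonical wire form)."""
    return sorted((o, t, r, a) for o, t, r, a in zone)


def sign_rrsets(zone, key):
    """One RRSIG-like tag per authoritative RRset. HMAC stands in for the
    public-key signature; non-authoritative RRsets (delegation, glue) get none."""
    rrsets = {}
    for owner, rrtype, rdata, auth in canonical_rrs(zone):
        if auth:
            rrsets.setdefault((owner, rrtype), []).append(rdata)
    sigs = {}
    for (owner, rrtype), rdatas in rrsets.items():
        msg = f"{owner}|{rrtype}|{'|'.join(sorted(rdatas))}".encode()
        sigs[(owner, rrtype)] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return sigs


def validate_rrsigs(zone, sigs, key):
    """What a validating resolver does: every authoritative RRset must carry
    a signature that verifies. Unsigned glue is never examined."""
    expected = sign_rrsets(zone, key)
    return all(hmac.compare_digest(sigs.get(k, ""), v) for k, v in expected.items())


def zone_digest(zone, sigs, hashfn=hashlib.sha384):
    """ZONEMD-style digest over every RR in canonical order, signed or not,
    plus the RRSIGs themselves. Its strength is the second-preimage
    resistance of hashfn, independent of the RRSIG algorithm."""
    h = hashfn()
    for owner, rrtype, rdata, _ in canonical_rrs(zone):
        h.update(f"{owner} {rrtype} {rdata}\n".encode())
    for (owner, rrtype), sig in sorted(sigs.items()):
        h.update(f"{owner} RRSIG {rrtype} {sig}\n".encode())
    return h.hexdigest()


def check_zone(zone, sigs, published_digest, key):
    """Return (digest_ok, rrsigs_ok): the two independent checks the thread
    distinguishes. A non-validating resolver only ever learns the first."""
    digest_ok = hmac.compare_digest(zone_digest(zone, sigs), published_digest)
    return digest_ok, validate_rrsigs(zone, sigs, key)


def scenario_tampered_glue():
    """Unsigned glue altered in transit: RRSIGs still validate (glue is not
    signed) but the digest no longer matches. Returns (False, True)."""
    sigs = sign_rrsets(SAMPLE_ZONE, ZONE_KEY)
    published = zone_digest(SAMPLE_ZONE, sigs)
    tampered = [
        (o, t, "198.51.100.66" if o == "ns1.child.example." else r, a)
        for o, t, r, a in SAMPLE_ZONE
    ]
    return check_zone(tampered, sigs, published, ZONE_KEY)


def scenario_bogus_signatures():
    """Zone carrying signatures made with the wrong key and a digest computed
    over that zone: the digest matches, so the zone is complete and
    self-consistent, yet nothing in it is DNSSEC-valid. Returns (True, False)."""
    wrong_sigs = sign_rrsets(SAMPLE_ZONE, b"not-the-zone-key")
    fresh_digest = zone_digest(SAMPLE_ZONE, wrong_sigs)
    return check_zone(SAMPLE_ZONE, wrong_sigs, fresh_digest, ZONE_KEY)


if __name__ == "__main__":
    print("tampered glue  (digest_ok, rrsigs_ok):", scenario_tampered_glue())
    print("bogus RRSIGs   (digest_ok, rrsigs_ok):", scenario_bogus_signatures())
```

The first scenario is the case where the digest adds something a validating resolver cannot get from RRSIGs alone; the second is the case the thread warns about: a resolver that treats "digest matches" as "validated" has skipped the only check that ties the data to the zone's keys.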