On 23. 02. 21 16:08, Ben Schwartz wrote:
Inspired by some recent discussions here (and at DNS-OARC), and hastened
by the draft cut-off, I present for your consideration "DNSSEC Strict
Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-strict-mode-00
Abstract:
Currently, the DNSSEC security of a zone is limited by the strength of
its weakest signature algorithm. DNSSEC Strict Mode makes zones as
secure as their strongest algorithm instead.
The draft has a long discussion about why and how, but the core
normative text is just three sentences:
The DNSSEC Strict Mode flag appears in bit $N of the DNSKEY flags
field. If this flag is set, all records in the zone MUST be
signed correctly under this key's specified Algorithm. A validator
that receives a Strict Mode DNSKEY with a supported Algorithm
SHOULD reject as Bogus any RRSet that lacks a valid RRSIG with
this Algorithm.
Hi Ben,
I would appreciate more information about the threat model you work with.
This
Abstract
Currently, the DNSSEC security of a zone is limited by the strength
of its weakest signature algorithm. DNSSEC Strict Mode makes zones
as secure as their strongest algorithm instead.
is IMHO gravely imprecise: DNSSEC security is as strong as the weakest link
in (any permissible) chain of trust.
In other words, if my parent TLD has 1024-bit RSA and my "secure" zone
has 1024-bit RSA + a fancy ECC alg with the new bit set, it still means
nothing security-wise. An attacker can get a better return on investment by
attacking the parent zone.
I think it needs discussion whether it is worth approaching this problem with
single-zone granularity.
--
Petr Špaček
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
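To make the three normative sentences of the draft concrete, and to put the weakest-link objection from the reply next to them, here is an added Python model. It is not code from the draft, from the thread or from any validator: signature verification is reduced to a boolean per RRSIG, the flag position is a placeholder (the draft says only "bit $N"; bit 14, an unassigned DNSKEY flag bit, is assumed here), and the zone data and the set of algorithms the attacker is assumed able to forge are constructed for the illustration.

```python
"""Toy model of DNSSEC RRset acceptance with and without the proposed
Strict Mode flag, plus the chain-of-trust walk from the reply.
Added illustration only: not code from the draft or from any validator.
Cryptographic verification is abstracted to a boolean and all zone data
below is constructed."""
from dataclasses import dataclass

# Real IANA DNSSEC algorithm numbers.
RSASHA256, ED25519 = 8, 15

# DNSKEY flags use DNS bit numbering (bit 0 = MSB of the 16-bit field).
ZONE_BIT, SEP_BIT = 7, 15
# The draft only says "bit $N". ASSUMPTION: bit 14, an unassigned flag
# bit, stands in as a placeholder so that the model can run.
STRICT_MODE_BIT = 14


def flag(bit: int) -> int:
    return 1 << (15 - bit)


@dataclass(frozen=True)
class DNSKEY:
    algorithm: int
    key_tag: int
    flags: int = flag(ZONE_BIT)

    @property
    def strict(self) -> bool:
        return bool(self.flags & flag(STRICT_MODE_BIT))


@dataclass(frozen=True)
class RRSIG:
    algorithm: int
    key_tag: int
    verifies: bool  # outcome of cryptographic verification (abstracted)


def validate_rrset(dnskeys, rrsigs, supported) -> str:
    """Return 'Secure' or 'Bogus' for one RRset of a zone.

    Baseline rule (RFC 4035 s5.3.3, RFC 6840 s5.11): one RRSIG that
    verifies under a DNSKEY of the set with a supported algorithm is
    enough; a validator must not insist on every algorithm being present.
    Strict Mode rule (the three quoted sentences): every DNSKEY carrying
    the strict flag with a supported algorithm additionally demands a
    verifying RRSIG made with *its* algorithm."""
    keys = {(k.algorithm, k.key_tag) for k in dnskeys}
    verified_algs = {s.algorithm for s in rrsigs
                     if s.verifies and s.algorithm in supported
                     and (s.algorithm, s.key_tag) in keys}
    if not verified_algs:
        return "Bogus"
    required = {k.algorithm for k in dnskeys
                if k.strict and k.algorithm in supported}
    return "Secure" if required <= verified_algs else "Bogus"


@dataclass(frozen=True)
class Zone:
    name: str
    dnskeys: tuple  # apex DNSKEY RRset


def zone_forgeable(zone, forgeable, supported) -> bool:
    """Can an attacker able to forge signatures for the algorithms in
    `forgeable` get an RRset of this zone accepted as Secure? They produce
    a verifying RRSIG for every zone key they can break and nothing else."""
    sigs = [RRSIG(k.algorithm, k.key_tag, k.algorithm in forgeable)
            for k in zone.dnskeys]
    return validate_rrset(zone.dnskeys, sigs, supported) == "Secure"


def weakest_link(chain, forgeable, supported):
    """Walk the chain from the root down and return the first zone the
    attacker can forge, or None. A parent's forgeable RRsets include its
    DS records, so from that zone down the attacker can delegate to a key
    of their own and the children's algorithms and flags never matter."""
    for zone in chain:
        if zone_forgeable(zone, forgeable, supported):
            return zone.name
    return None


# Constructed scenario from the reply: the TLD signs with RSA only; the
# child signs with RSA plus ED25519 and sets the strict bit on ED25519.
# RSASHA256 stands in for the 1024-bit RSA the attacker can break
# (algorithm numbers do not encode key size; "weak" here is membership
# in FORGEABLE).
SUPPORTED = {RSASHA256, ED25519}
FORGEABLE = {RSASHA256}
STRICT = flag(ZONE_BIT) | flag(STRICT_MODE_BIT)
ROOT = Zone(".", (DNSKEY(ED25519, 1001, STRICT),))
TLD = Zone("example.", (DNSKEY(RSASHA256, 2002),))
CHILD = Zone("secure.example.",
             (DNSKEY(RSASHA256, 3003), DNSKEY(ED25519, 3004, STRICT)))
CHILD_LEGACY = Zone("legacy.example.",
                    (DNSKEY(RSASHA256, 3003), DNSKEY(ED25519, 3004)))

if __name__ == "__main__":
    print("legacy child forgeable:",
          zone_forgeable(CHILD_LEGACY, FORGEABLE, SUPPORTED))  # True
    print("strict child forgeable:",
          zone_forgeable(CHILD, FORGEABLE, SUPPORTED))  # False
    print("weakest link in chain:",
          weakest_link([ROOT, TLD, CHILD], FORGEABLE, SUPPORTED))  # example.
```

Run stand-alone, the model reports that the legacy child is forgeable under the baseline rule, the strict child is not, and the chain is still broken at the RSA-only TLD: the strict bit raises the bar for the zone's own RRsets, but the DS signatures that introduce the zone live in the parent and are outside its reach, which is the single-zone granularity question the reply raises. Note also that a validator which does not support ED25519 ignores the strict key entirely, as the draft's "with a supported Algorithm" wording requires.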