On 14. 02. 24 2:57, Mark Andrews wrote:
On 13 Feb 2024, at 00:56, Edward Lewis <edward.le...@icann.org> wrote:
On 2/9/24, 22:05, "Mark Andrews" <ma...@isc.org> wrote:

The primary use of the key tag is to select the correct key to validate the 
signature from multiple keys.

Yes - which is great if 1) you need to pare down the potential set of keys into 
something you can handle (like, from 10's to 3) and 2) if you have some way to 
request only those keys.

Operators generally only publish 2 keys outside of rolls, 3 when rolling the 
ZSK or the KSK, maybe more if they aren't optimizing.  There's no need to 
specify a subset.  I say this with complete hindsight.

I would still argue that there is still a need even if there are only 2 keys.  
Verification is expensive.  It always has been.

I think CVE-2023-50387 listed on
https://www.nlnetlabs.nl/projects/unbound/security-advisories/
is a nice demonstration of how dangerous it can be when a resolver has to implement a try-and-see approach.

In my mind this is good enough reason to outlaw keytag collisions - without them it would be _much_ easier to implement reasonable limits without risk of breaking legitimate clients.

--
Petr Špaček
Internet Systems Consortium
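The try-and-see cost discussed in this thread, as an added example that is not from the thread or from any resolver's code: the RFC 4034 Appendix B key tag computation, the candidate-key selection it drives, and an illustrative per-RRSIG attempt budget of the kind Petr argues would be safe if key tags never collided. The DNSKEY material is constructed so that two tags collide, and `verify` is an assumed callback standing in for real signature checking.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class DNSKEY:
    flags: int          # 257 = KSK (SEP bit set), 256 = ZSK
    protocol: int       # always 3 for DNSSEC
    algorithm: int      # e.g. 13 = ECDSAP256SHA256
    public_key: bytes   # constructed bytes, not real key material

    def rdata(self) -> bytes:
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm]) + self.public_key)

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (every algorithm except obsolete algorithm 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b   # even offsets are the high bytes
    ac += (ac >> 16) & 0xFFFF                 # fold the carry back in once
    return ac & 0xFFFF

def candidate_keys(dnskeys: Iterable[DNSKEY], sig_alg: int, sig_tag: int) -> List[DNSKEY]:
    """Keys a validator must consider for one RRSIG: same algorithm and same key tag.
    Colliding tags make this list longer than one, so one RRSIG costs several checks."""
    return [k for k in dnskeys if k.algorithm == sig_alg and key_tag(k.rdata()) == sig_tag]

class ValidationBudgetExceeded(Exception):
    """The RRSIG would need more signature checks than this resolver allows."""

def validate_with_budget(dnskeys: Iterable[DNSKEY], sig_alg: int, sig_tag: int,
                         verify: Callable[[DNSKEY], bool], max_attempts: int) -> bool:
    """Try candidate keys in order, spending at most max_attempts verifications on this RRSIG.
    `verify` is an assumed stand-in for the expensive cryptographic check; returns True on
    success, False if every candidate fails, and raises if the budget runs out first."""
    attempts = 0
    for key in candidate_keys(dnskeys, sig_alg, sig_tag):
        if attempts >= max_attempts:
            raise ValidationBudgetExceeded(f"key tag {sig_tag} needs more than {max_attempts} checks")
        attempts += 1
        if verify(key):
            return True
    return False

# Constructed zone: a KSK and a ZSK whose key tags collide (both 1554) and a ZSK that does not.
KSK = DNSKEY(257, 3, 13, b"\x00\x01\x02\x03")
ZSK_COLLIDING = DNSKEY(256, 3, 13, b"\x01\x00\x01\x05")
ZSK_OTHER = DNSKEY(256, 3, 13, b"\x00\x00\x00\x00")
ZONE_KEYS = [KSK, ZSK_COLLIDING, ZSK_OTHER]
```

With no collisions a budget of one verification per RRSIG never rejects a legitimately signed answer; with the colliding pair above, a signature made by the second key needs two attempts, so the same budget would break a valid zone.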

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
