Moin! On 28 Feb 2024, at 22:44, John R Levine wrote:

> On Thu, 29 Feb 2024, Mark Andrews wrote:
>>> If it is forbidden in the protocol, it might still happen.
>>
>> Ed, your reasoning is off. The point of forbidding is to allow the
>> validator to safely stop as soon as possible when it is under attack.
>
> We're going in circles here. You want to stop at 2 some time in the future
> after we've changed the spec.

I think that is wrong. BIND and other servers (e.g. Akamai Cacheserve) already stop/fail when having more than two keys with a colliding key tag today. I think what at least I want is that every key a validator has to consider has a unique key tag, so that we don't need to do any additional cryptographic work for figuring out if the signature is correct.

> Ed and Shumon and I want to stop at, say, 10, right now. I've never written
> a DNSSEC validator so I don't know how different those are in practice but
> I'd be surprised if it were very much.

There are two problems. With more colliding keys we give the attacker a larger multiplier for the cryptographic work he can force on a validator. The second is that we have to have a code path at all that uses more than one cryptographic operation to validate a signature. DNSSEC validators are very, very complex, so everything we can do to make them simpler is a win. I only test and use validators, but I've seen often enough that a small benign change in that code caused a whole array of other "corner cases" to fail and had to be reverted/rethought.

So long
-Ralf
-------
Ralf Weber
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
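The key-tag lookup and the hard stop on colliding tags that the message describes, as an added example that is not code from the original post nor from BIND or Cacheserve. The DNSKEY records and their key material are constructed, and the owner name `example.` and the limit of two keys per tag are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKEY:
    name: str
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes  # constructed bytes standing in for real key material

    def rdata(self) -> bytes:
        # DNSKEY RDATA wire format: flags(2) | protocol(1) | algorithm(1) | public key
        return self.flags.to_bytes(2, "big") + bytes([self.protocol, self.algorithm]) + self.public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for the obsolete RSA/MD5, algorithm 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


class TooManyCollidingKeys(Exception):
    """Raised when the RRset forces more than the permitted number of verification attempts."""


def candidate_keys(dnskeys, sig_name, sig_algorithm, sig_key_tag, max_colliding=2):
    """Return the DNSKEYs a validator would try for one RRSIG.

    The key tag is only a 16-bit hint, so every candidate costs one signature verification.
    Rather than let an attacker multiply that work, the validator fails hard when more than
    max_colliding keys share the tag (the "stop at 2" behaviour discussed in the thread).
    """
    matches = [k for k in dnskeys
               if k.name == sig_name and k.protocol == 3
               and k.algorithm == sig_algorithm and key_tag(k.rdata()) == sig_key_tag]
    if len(matches) > max_colliding:
        raise TooManyCollidingKeys(
            f"{len(matches)} keys share tag {sig_key_tag}; limit is {max_colliding}")
    return matches


# Constructed RRset: three KSKs whose key material differs only in byte position, so their
# tags collide (the tag sums even-indexed bytes shifted left, odd-indexed bytes as-is).
SAMPLE_KEYS = [
    DNSKEY("example.", 257, 3, 13, b"\x01\x00\x00\x00"),          # tag 1294
    DNSKEY("example.", 257, 3, 13, b"\x00\x00\x01\x00"),          # tag 1294
    DNSKEY("example.", 257, 3, 13, b"\x00\x00\x00\x00\x01\x00"),  # tag 1294
    DNSKEY("example.", 256, 3, 13, b"\x00\x02"),                  # tag 1039 (ZSK)
]
```

With the default limit of two, a signature carrying tag 1294 is rejected outright; raising `max_colliding` to 10 instead returns all three keys and commits the validator to up to three signature checks for that one RRSIG.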