> On 1 Mar 2017, at 17:41, Paul Wouters wrote:
>
> On Wed, 1 Mar 2017, Roy Arends wrote:
>
>> An attacker needs two successive 512 bit blocks and a prefix.
>> However, you _do_ hash a chain of records. Forget CNAME, take a DNSKEY RRset
>> with a few DNSKEY records in it. A fake 1024 bit key a
Roy Arends wrote:
>
> This is not true. The shattered.io pdf files contain an embedded jpeg.
> The difference between the files is in the jpeg comment. The size of the
> difference is 128 bytes. These are two consecutive 64 byte inputs. The
> two versions hash to the same output, given the prefix.
On Thu, 2 Mar 2017, Roy Arends wrote:
Implementer should follow spec. Spec sez MUST or SHOULD.
Implementers may decide to implement some algorithms and not some others,
depending on the level.
Now it says MUST- MUST+ MUST SHOULD- SHOULD+ and SHOULD. Very confusing.
I understand _you_ find it
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations of the IETF.
Title : A Common Operational Problem in DNS Servers - Failure To Respond.
Author : M. Andrews
Fil
This adds descriptions of each test using words in addition to DiG
commands.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org