> On Apr 11, 2016, at 9:05 AM, Martin Rex <m...@sap.com> wrote:
>
> The TTL of a DNS record is *NOT* protected by DNSSEC, and can be
> regenerated at will by an attacker, will be regenerated by intermediate
> DNS servers, and its purpose is purely cache-management, *NOT* security.
>
> Only the "Signature Expiration" information in the RRSIG
> is protected by DNSSEC, and only that ensures expiry of information
> from DNS.
This is largely wrong; RRSIG RRs carry an "original TTL" field and:

https://tools.ietf.org/html/rfc4035#section-5.3.3

   If the resolver accepts the RRset as authentic, the validator MUST
   set the TTL of the RRSIG RR and each RR in the authenticated RRset
   to a value no greater than the minimum of:

   o  the RRset's TTL as received in the response;
   o  the RRSIG RR's TTL as received in the response;
   o  the value in the RRSIG RR's Original TTL field; and
   o  the difference of the RRSIG RR's Signature Expiration time and
      the current time.

So attackers cannot generate TTL values "at will"; the TTL is bounded by
the signed "original TTL". Of course, if the attacker remains on path
indefinitely, then he can replay a stale signed RRset until the RRSIG
expires.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
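The RFC 4035 section 5.3.3 clamp quoted above, written out as an added example (not code from either poster or from any resolver): it shows how an on-path attacker's inflated TTL is cut back to the signed Original TTL, how the cacheable TTL shrinks to the time left before Signature Expiration, and how a replayed RRset is rejected once that time has passed. It assumes the inception, expiration and current-time values are the 32-bit "seconds since epoch" integers of RFC 4034 section 3.1.5, compared with RFC 1982 serial arithmetic.

```python
# Added example: TTL a validating resolver may cache for an authenticated
# RRset (RFC 4035 5.3.3), plus the RFC 4035 5.3.1 validity-window check.
# Assumption: all times are plain ints holding the 32-bit unsigned values
# carried in the RRSIG (RFC 4034 3.1.5), so comparison uses RFC 1982
# serial-number arithmetic rather than a raw '<'.

MODULUS = 1 << 32


def serial_diff(a: int, b: int) -> int:
    """Signed distance a - b under RFC 1982 serial arithmetic (mod 2^32)."""
    d = (a - b) % MODULUS
    return d - MODULUS if d >= MODULUS // 2 else d


def validated_ttl(rrset_ttl: int, rrsig_ttl: int, original_ttl: int,
                  inception: int, expiration: int, now: int):
    """Return the TTL to cache, or None if the RRSIG is not valid at 'now'.

    RFC 4035 5.3.1: the signature is usable only while
        inception <= now <= expiration   (serial arithmetic).
    RFC 4035 5.3.3: the cached TTL must be no greater than the minimum of
        the received RRset TTL, the received RRSIG TTL, the signed
        Original TTL, and (expiration - now).
    """
    if serial_diff(now, inception) < 0:
        return None  # signature not yet valid
    remaining = serial_diff(expiration, now)
    if remaining < 0:
        return None  # expired: a replayed stale RRset is rejected here
    # An attacker can rewrite the unsigned wire TTLs, but the signed
    # Original TTL and the expiry window bound whatever they choose.
    return min(rrset_ttl, rrsig_ttl, original_ttl, remaining)


if __name__ == "__main__":
    # Constructed sample values: a zone signs its RRset with a 3600 s TTL.
    INCEPT, EXPIRE, ORIG = 1_000, 100_000, 3600
    # On-path attacker inflates both wire TTLs to ~11 days; clamp wins.
    print(validated_ttl(1_000_000, 1_000_000, ORIG, INCEPT, EXPIRE, 5_000))
    # Close to expiry, only the remaining signature lifetime is cacheable.
    print(validated_ttl(ORIG, ORIG, ORIG, INCEPT, EXPIRE, 99_000))
    # After expiry the replay is refused outright.
    print(validated_ttl(ORIG, ORIG, ORIG, INCEPT, EXPIRE, 100_001))
```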