-- Ben Laurie wrote: > Subject: > [dnsop] BIND and OpenSSL's RSA signature forging issue > From: > Ben Laurie <[EMAIL PROTECTED]> > Date: > Fri, 08 Sep 2006 11:40:44 +0100 > To: > DNSEXT WG <namedroppers@ops.ietf.org>, "(DNSSEC deployment)" > <[EMAIL PROTECTED]>, dnsop@lists.uoregon.edu > > To: > DNSEXT WG <namedroppers@ops.ietf.org>, "(DNSSEC deployment)" > <[EMAIL PROTECTED]>, dnsop@lists.uoregon.edu > > > I've just noticed that BIND is vulnerable to: > > http://www.openssl.org/news/secadv_20060905.txt > > Executive summary: > > RRSIGs can be forged if your RSA key has exponent 3, which is BIND's > default. Note that the issue is in the resolver, not the server. > > Fix: > > Upgrade OpenSSL. > > Issue: > > Since I've been told often that most of the world won't upgrade > resolvers, presumably most of the world will be vulnerable to this > problem for a long time. > > Solution: > > Don't use exponent 3 anymore. This can, of course, be done server-side, > where the responsible citizens live, allegedly. > > Side benefit: > > You all get to test emergency key roll! Start your motors, gentlemen!
This seems to presuppose that Secure DNS is actually in use. I was unaware that this is the case.
What is the penetration of Secure DNS? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fLselD6l8fdbF1p4sjg3RQ2GXi+NnQ//1CymnfKs 4+JAX1zwW3fSIStp6glgbAygK1zCuoMeiTigr4qmd --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]