On Thu, Feb 06, 2014 at 05:12:18PM -0800, Jim Schaad wrote:

> A trivial way to avoid the global dictionary is to simply hash the email
> address - that is both the local part and the domain.  This would make it
> unique for each domain.

This also works, but is twice as fast as HMAC, whereas my concern
is that even HMAC is too fast.  Of course a factor of 2 is not a
real deterrent.  So I must admit that there is no compelling reason
to prefer HMAC over SHA2-224, provided the hash covers the domain.

Perhaps I should mention the fact that in order to perform the
off-line dictionary attack the attacker first has to discover a
large fraction of the domain's NSEC3 records (assuming the domain
does not provide NSEC records) and then dictionary attack the NSEC3
RRs.  Thus he at least has to perform multiple NSEC3 hash iterations
(far too few sadly to prevent off-line discovery of the most common
user names).

The iteration counts for NSEC3 are additive with respect to any
iterations we might impose on the SMIMEA lookup key, rather than
multiplicative because at any given time for a given zone all NSEC3
RRs have the same salt, and thus for each guess at a user name it
is easy to compute the SMIMEA query domain, and thus the corresponding
NSEC3 value for the current zone salt.

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
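
The additive cost described in the message above, as an added example that is not part of the original message or of any DANE draft: it counts the hash calls needed to map one candidate address to the NSEC3 owner hash a zone would publish. Assumptions: the `_smimecert` owner-name layout, the hypothetical `label_iters` stretching parameter, and the constructed address, zone, salt and iteration values.

```python
import base64
import hashlib

# base64.b32encode emits the RFC 4648 alphabet; NSEC3 uses base32hex.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def smimea_label(address, label_iters=0):
    """SHA2-224 over the whole address (local part and domain).

    label_iters is a hypothetical stretching count, not part of any draft.
    Returns (hex label, number of hash calls).
    """
    digest = hashlib.sha224(address.encode("utf-8")).digest()
    for _ in range(label_iters):
        digest = hashlib.sha224(digest).digest()
    return digest.hex(), label_iters + 1


def wire_name(name):
    """Canonical (lower-case) DNS wire format of a domain name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5 hash. Returns (base32hex text, number of hash calls)."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    text = base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii").lower()
    return text, iterations + 1


def cost_per_candidate(address, zone, salt, nsec3_iters, label_iters=0):
    """Hash calls needed to map one candidate address to its NSEC3 owner hash."""
    label, label_calls = smimea_label(address, label_iters)
    owner = f"{label}._smimecert.{zone}"  # owner-name layout is an assumption
    hashed, nsec3_calls = nsec3_hash(owner, salt, nsec3_iters)
    return owner, hashed, label_calls + nsec3_calls


if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")  # constructed zone parameters
    for stretch in (0, 1000):
        _, hashed, calls = cost_per_candidate("alice@example.com", "example.com",
                                              salt, 12, stretch)
        print(f"label_iters={stretch:4d} nsec3={hashed} hash calls={calls}")
```

Because the salt is the same for every NSEC3 RR in the zone, the NSEC3 stage adds a fixed `nsec3_iters + 1` calls per candidate, so the total is the sum of the two stages rather than their product.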