On Tue, May 22, 2018 at 1:03 PM, Paul Wouters <[email protected]> wrote:

> On Tue, 22 May 2018, Ryan Sleevi via dev-security-policy wrote:
>
>> However, what does this buy us? Considering that the ZSKs are intentionally
>> designed to be frequently rotated (24 - 72 hours), thus permitting weaker
>> key sizes (RSA-512),
>
> I don't know anyone who believes or uses these timings or key sizes. It
> might be done as an _attack_ but it would be a very questionable
> deployment.
>
> I know of 12400 512 bit RSA ZSK's in a total of about 6.5 million. And I
> consider those to be an operational mistake.

http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper58.pdf
has some fairly damning empirical data about the reliability of those
records, which is not in line with your anecdata.

>> However, let us not pretend that recording the bytes-on-the-wire DNS
>> responses, including for DNSSEC, necessarily helps us achieve some goal
>> about repudiation. Rather, it helps us identify issues such as what LE
>> highlighted - a need for quick and efficient information scanning to
>> discover possible impact - which is hugely valuable in its own right, and
>> is an area where I am certain that a majority of CAs are woefully lagging
>> in. That LE recorded this at all, beyond simply "checked DNS", is more of a
>> credit than a disservice, and a mitigating factor more than malfeasance.
>
> I see no reason why not to log the entire chain to the root. The only
> exception being maliciously long chains, which you can easily cap
> and error out on after following about 50 DS records?

"Why not" is not a very compelling argument, especially given the
complexity involved, and the return to value being low (and itself being
inconsistent with other matters).

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

