On Jan 8, 2020, at 2:10 PM, Viktor Dukhovni <[email protected]> wrote:

> If I can get you to sign A, you may
> be inadvertently also signing B.

This is the crux of your argument, and the crux of every attack that leverages hash collisions. If "I" can get "you" to sign something without adding any randomness to the beginning of the signature, then you could be signing something unintended because there are multiple items with the same hash value. (To be clear: RFC 3110 doesn't add any signer randomness to the signatures, which it could have.)

However, in DNSSEC, what is the scenario where "I" can get "you" to sign an RRset? Aren't RRsets all signed by their owner, the creator of the RRset? If I'm a signer and I'm willing to sign something that I didn't create, I already have a lot of problems already.

--Paul Hoffman
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
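The mechanism discussed in the message above, as an added example that is not part of the original post: a hash-then-sign signature covers only the digest, so a signature made over A also verifies for any B with the same digest unless the signer mixes in data of its own choosing. Everything here is constructed for illustration: the 24-bit truncated digest (so a collision is found instantly), the textbook RSA key, the record text, the function names, and the salt-prefix scheme, which is an assumed reading of "randomness at the beginning" and not RFC 3110's encoding.

```python
import hashlib
import itertools
import os

# Toy parameters (constructed): textbook RSA over two Mersenne primes, and a
# digest truncated to 24 bits. Neither is usable outside this demonstration.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def toy_digest(data: bytes) -> int:
    """SHA-1 truncated to 24 bits; stands in for a hash with practical collisions."""
    return int.from_bytes(hashlib.sha1(data).digest()[:3], "big")


def sign(rrset: bytes, salt: bytes = b"") -> int:
    """Hash-then-sign. With salt == b"" nothing chosen by the signer enters the hash."""
    return pow(toy_digest(salt + rrset), D, N)


def verify(rrset: bytes, sig: int, salt: bytes = b"") -> bool:
    """The verifier recomputes the digest; the signature binds to nothing else."""
    return pow(sig, E, N) == toy_digest(salt + rrset)


def find_colliding_rrsets():
    """Birthday search over constructed TXT records for two with equal digests."""
    seen = {}
    for counter in itertools.count():
        rrset = b'host.example. 300 IN TXT "%d"' % counter
        digest = toy_digest(rrset)
        if digest in seen:
            return seen[digest], rrset
        seen[digest] = rrset


def demo():
    a, b = find_colliding_rrsets()
    plain_sig = sign(a)              # the signer believes it signed only A
    salt = os.urandom(8)             # picked by the signer at signing time
    salted_sig = sign(a, salt)
    return {
        "a_verifies": verify(a, plain_sig),
        "b_verifies_with_a_sig": verify(b, plain_sig),
        "a_verifies_salted": verify(a, salted_sig, salt),
        "b_verifies_salted": verify(b, salted_sig, salt),
    }


if __name__ == "__main__":
    print(demo())
```

The unsalted signature over A verifies for B because the pair was prepared before signing; the salted one does not, because the colliding pair was computed without knowledge of the salt.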
