On Mon, Mar 25, 2024 at 09:27:06AM +0100, Haya Shulman wrote:
> Our evaluations demonstrate that the two attack vectors are fundamentally
> different from the perspective of their practical impact: KeyTrap
> introduces a realistic immediate threat for exploitation by hackers. In
> contrast, with NSEC3-encloser attack a comparable load on resolvers is not
> possible, not only that with a single NSEC3-encloser attack no packet is
> lost, but also no latency is introduced to the resolvers. The high volume
> of NSEC3-encloser attack traffic, of more than hundreds of packets per
> second, makes the NSEC3-encloser attack visible. Therefore, the high attack
> volume in tandem with the meager benefit for adversaries (only a small
> fraction of benign packets dropped) implies that such attacks do not pose a
> practical threat.
Reading the paper, I get an impression that the described attack isn't nearly as stressful on the resolver CPU as it could be. If I understood the measured attack correctly, a more "malicious" approach could substantially (~100x) increase the per-query-response CPU cost. Perhaps qualitatively changing the relative impact assessment?

I do hope that, as a community, we'll continue to steadily streamline acceptable NSEC3 parameters (per RFC9276) down to 0 additional iterations and short enough salt values (that don't result in additional SHA-1 input blocks).

-- 
Viktor.

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
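As an added illustration of the salt-length point in the message above (this is example code, not from the thread or from either paper), the following Python implements the RFC 5155 NSEC3 hash and counts the SHA-1 compression calls a validating resolver spends per hash; the helper names `sha1_blocks` and `nsec3_compressions` are my own, and the RFC 5155 Appendix A vector (salt aabbccdd, 12 iterations) is used to check the hash routine.

```python
import base64
import hashlib

B32_STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"   # base32 alphabet of base64.b32encode
B32_HEX = b"0123456789abcdefghijklmnopqrstuv"   # base32hex alphabet used by NSEC3
SHA1_BLOCK, SHA1_PAD, SHA1_OUT = 64, 9, 20     # block size, 0x80+length trailer, digest


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-cased, length-prefixed labels, root."""
    labels = [lab.encode("ascii") for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"


def sha1_blocks(msg_len: int) -> int:
    """64-byte blocks SHA-1 compresses for a message of msg_len bytes (padding included)."""
    return (msg_len + SHA1_PAD + SHA1_BLOCK - 1) // SHA1_BLOCK


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 section 5: IH(0) = H(name|salt), IH(k) = H(IH(k-1)|salt); base32hex out."""
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    std = base64.b32encode(digest)  # 20 bytes -> exactly 32 chars, no '=' padding
    return std.translate(bytes.maketrans(B32_STD, B32_HEX)).decode("ascii")


def nsec3_compressions(name: str, salt_len: int, iterations: int) -> int:
    """SHA-1 compression calls one NSEC3 hash costs the resolver for these parameters."""
    first = sha1_blocks(len(name_to_wire(name)) + salt_len)
    # Every extra iteration hashes 20 digest bytes + salt; with 9 bytes of padding that
    # fits one block only while the salt is at most 35 bytes, otherwise two blocks.
    return first + iterations * sha1_blocks(SHA1_OUT + salt_len)


if __name__ == "__main__":
    print("H(example) =", nsec3_hash("example", bytes.fromhex("aabbccdd"), 12))
    # RFC 9276 (iterations 0, no salt) versus parameters that add blocks per iteration.
    for salt_len, iters in ((0, 0), (4, 12), (35, 12), (36, 12), (255, 150)):
        print(f"salt={salt_len:3d}B iterations={iters:3d}:",
              nsec3_compressions("example", salt_len, iters), "SHA-1 compressions")
```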