Both of Ohta-san's points are entirely valid.

On Ohta-san's first point: DJB is convinced that 1024-bit RSA is crackable with a botnet. And if 1024 isn't crackable now, it probably will be shortly. So it is probably possible, or soon will be possible, to crack keys and then forge many DNSSEC signatures, given enough determination. Using larger (2048-bit) signatures creates more work to verify signatures, and larger responses. [Note: increasing key size has a corresponding impact on the crypto-overload DOS attack that I (Anderson) previously described, and also makes worse the forged query DDOS attack that I described.]

On Ohta-san's second point: If the zone is compromised (which means the attacker has obtained the private key), then the attacker can construct new signatures at will, and being a MitM, can inject these responses at will, also. The response that one gets (or seems to get) from a cache or authority server is not necessarily the response from an authority server. This can result in a number of problems for DNSSEC, and it is the common factor in several different attacks described by Ohta-san and myself.

--Dean

On Thu, 21 Aug 2008, David Conrad wrote:

> *plonk*
>
> On Aug 21, 2008, at 3:50 PM, Masataka Ohta wrote:
>
> > Paul Wouters wrote:
> >
> >>> Instead, MitM attack on DNSSEC is performed, for example, within
> >>> intermediate zones with forged signature on child zone with forged
> >>> end-users data.
> >
> >> Oh I see. DNSSEC is broken because we cannot trust RSA, DSA, SHA256,
> >> DiffieHellman, and perhaps elliptic curve....
> >
> > That is certainly a valid argument.
> >
> > However, it has nothing to do with the MitM case above because
> > forged signature from a compromised zone is cryptographically valid.
> >
> > Masataka Ohta
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000