> Some comments on incorrect assertions on the NSEC/NSEC3 attacks.
>
> > (1) there is no cryptographic defense against an attack where the
> > attacker convinces the target that a zone that does not exist at all
> > does exist.
It is not possible to do this with NSEC. Names either exist
or they don't exist.
It is a risk you accept when you choose to use NSEC3 and
results from a collision of SHA1 hashes. However, for it
to be effective the original delegation would also have to
be an insecure delegation.
A secure delegation has a DS RRset and for that to be
effective you also need to find a DNSKEY whose SHA1 matches
a DS record at the delegation.
For delegation centric zones like COM you are unlikely to
find an insecure delegation as they will be using OPTOUT
to skip all insecure delegations.
For end user sites trying to prevent zone walking finding
all the names in the zone you are unlikely to find an insecure
delegation.
Now if you believe in infinite improbability drives then
you need to worry. Otherwise there really isn't a practical
attack here.
> > (2) replay attacks are possible during the lifetimes of zone
> > signatures, which would either convince the target that a zone that
> > has been removed still exists, or that a zone that has been added does
> > not exist.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
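As an added illustration (not part of Mark's message or the thread), the RFC 5155 NSEC3 owner-name hash and the covering check a validator performs, which is where the SHA1-collision caveat and the OPTOUT caveat above enter. The hash parameters are the RFC 5155 Appendix A example zone; the `deny_name` helper and its record dict are this example's own, not any resolver's API.

```python
import base64
import hashlib

# base32hex (RFC 4648 section 7) is what NSEC3 owner names use; map from the standard alphabet.
TO_BASE32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             "0123456789ABCDEFGHIJKLMNOPQRSTUV")
OPT_OUT = 0x01  # NSEC3 flags field, bit 0 (RFC 5155 section 3.1.2.1)


def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire-format name, root label included."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: SHA-1(name || salt), then `iterations` more rounds, base32hex."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20 bytes -> exactly 32 base32hex characters, no padding.
    return base64.b32encode(digest).decode("ascii").translate(TO_BASE32HEX).lower()


def nsec3_covers(owner: str, nxt: str, target: str) -> bool:
    """True if target lies strictly between owner and next in hash order.
    Lowercase base32hex sorts correctly as plain strings ('0'-'9' < 'a'-'v');
    the last record of the chain wraps around to the first."""
    o, n, t = owner.lower(), nxt.lower(), target.lower()
    if o < n:
        return o < t < n
    return t > o or t < n


def deny_name(name: str, salt_hex: str, iterations: int, rr: dict) -> str:
    """What a single NSEC3 RR (owner hash, flags, next hash) proves about `name`.
    `rr` is this example's own constructed shape, not a library type."""
    h = nsec3_hash(name, salt_hex, iterations)
    if h == rr["owner"].lower():
        # A name with this hash exists; NSEC3 cannot tell a collision from the real owner.
        return "exists"
    if not nsec3_covers(rr["owner"], rr["next"], h):
        return "unproven"  # this RR says nothing about the name; need another one
    if rr["flags"] & OPT_OUT:
        # Opt-Out spans may hide unsigned (insecure) delegations; only secure names are denied.
        return "covered-optout"
    return "nonexistent"
```

Run against the Appendix A parameters (salt aabbccdd, 12 iterations), the apex "example." hashes to the owner of the zone's first NSEC3 record.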