On Feb 22, 2010, at 4:44 AM, W.C.A. Wijngaards wrote:

> On 02/22/2010 04:53 AM, Roy Arends wrote:
>> On Feb 21, 2010, at 7:22 PM, Mark Andrews wrote:
>>
>>> NSEC3 has a non-zero false positive rate due to the fact that the names
>>> are hashed.
>>
>> Are you going on again about the possibility of hash collisions in SHA-1?
>
> Yes. +1 for Mark's point.
>
> The deployment of NSEC3-signed toplevel domains is a giant hash
> collision test of typo dictionaries.

Not really, most (will) use Opt-Out.

> What does the registry do when
> someone registers a new domain name that has a hash-collision

We'll claim that SHA-1 is broken, write a paper on it and have our 15 minutes of fame.

Meanwhile... In the real world, if someone registers the name 759345ihkjgrj345837458fjfgiusifghgvtsrhf8hfvihi.co.uk and its hash collides with example.co.uk (let's skip the probability factor), then it's just gotten a bit more efficient. One hash matching 2 names, i.e. we can now deny two names for the price of one.

The real problem is that a SHA-1 hash collision would render all signatures with RSASHA1 vulnerable. I haven't heard from you about that. I suggest that if you and Andrews want to have this claim in rfc4641bis, you should not discriminate on NSEC3, but on everything that uses SHA1.

> (resign
> with a new salt, and also keep that 2-second update guarantee? - I would
> suggest some weasel words in agreements).

Nah, we love collisions, it makes it all so much more efficient. Besides, I think the probability of finding a bug in authoritative server software is way higher than a hash-collision.

> But I agree more pertinent to choice is the increased CPU demand and
> larger packets when using NSEC3. And opt-out, obfuscation desiderata.

All FUD.

Roy

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
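The NSEC3 owner-name hashing the thread argues about, together with the registry-side check and the "resign with a new salt" step Wijngaards asks about, as an added example that is not part of the thread or of any DNS software. It assumes the RFC 5155 section 5 hash construction; the zone names and candidate salts are constructed, and `find_collisions`, `pick_salt` and the `digest` hook are hypothetical helper names.

```python
"""NSEC3 owner-name hashing (RFC 5155, section 5) and the registry-side check
the thread asks about: do two zone names share an NSEC3 owner under the
current salt/iterations, and does re-signing with a new salt clear the clash?"""
import base64
import hashlib

# RFC 4648 base32 alphabet -> base32hex alphabet, which NSEC3 owner names use.
_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                           "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def _sha1(data):
    return hashlib.sha1(data).digest()

def wire_name(name):
    """Canonical wire form: lowercase labels, each length-prefixed, root terminator."""
    labels = [lb for lb in name.lower().rstrip(".").split(".") if lb]
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"

def nsec3_hash(name, salt_hex="", iterations=0, digest=_sha1):
    """IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt).
    Only SHA-1 (hash algorithm 1) is standardized; `digest` is a hook so a
    deliberately weak function can stand in to simulate a collision."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    h = digest(wire_name(name) + salt)
    for _ in range(iterations):
        h = digest(h + salt)
    b32 = base64.b32encode(h).decode("ascii").rstrip("=")
    return b32.translate(_TO_B32HEX).lower()

def find_collisions(names, salt_hex, iterations, digest=_sha1):
    """Group distinct (case-folded) zone names by NSEC3 owner; keep groups > 1."""
    buckets = {}
    for n in sorted({n.lower().rstrip(".") for n in names}):
        buckets.setdefault(nsec3_hash(n, salt_hex, iterations, digest), []).append(n)
    return {h: ns for h, ns in buckets.items() if len(ns) > 1}

def pick_salt(names, iterations, candidates, digest=_sha1):
    """The 'resign with a new salt' step: first candidate salt (hex) under which
    no two distinct names share an NSEC3 owner, or None if none of them works."""
    for salt_hex in candidates:
        if not find_collisions(names, salt_hex, iterations, digest):
            return salt_hex
    return None

if __name__ == "__main__":
    # Zone apex of the RFC 5155 Appendix A example zone: salt aabbccdd, 12 iterations.
    print(nsec3_hash("example.", "aabbccdd", 12))  # 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
```

With real SHA-1 `find_collisions` returns an empty dict for any realistic zone; the weak `digest` hook is the only way to exercise the collision and re-salt path.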