On Feb 22, 2010, at 6:41 PM, Mark Andrews wrote: > >> The real problem is that a SHA1 hash collision would render all signatures wi >> th RSASHA1 vulnerable. Haven't heard you about that. > > Hogwash. A collision is nothing more than a collision. See above.
So, a collision (that is nothing more than a collision) is a problem for NSEC3, but not for RSASHA1? > For a zone with 30 million names the false positive rate is roughly > 1 in 32^32/(3*10^7) (1/48716721244363430606789494423876100655197) > queries. Around 40 9's. I agree, approximately, a probability of 1 in 2^135. >> I suggest that if you and Andrews want to have this claim rfc4641bis, you sho >> uld not discriminate on NSEC3, but on everything that uses SHA1. >> >>> (resign >>> with a new salt, and also keep that 2-second update guarantee? - I would >>> suggest some weasel words in agreements). >> >> Nah, we love collisions, it makes it all so more efficient. >> >> Besides, I think >> the probability of finding a bug in authoritative server software is way high >> er than a hash-collision. > > Indeed. But you would expect us to fix the bug once it was found. :-) I used to. Not anymore. See https://www.isc.org/community/blog/201002/surprise-bugs-and-release-schedules Roy _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
