Nicholas Weaver <[email protected]> writes:
> On Nov 1, 2013, at 7:57 AM, Derek Atkins <[email protected]> wrote:
>> It is unclear to me that ECC as a generic technology is bad, although
>> any specific curves creates by NIST/NSA are certainly suspect.
>>
>> Having said that, Dual-EC-DRBG is a Random Number Generator, not a Hash,
>> Public Key, or Cipher algorithm, and we don't use it in DNS for
>> anything, AFAIK.
>
>
> Random Number Generators are used to generate the key material, since
> bare entropy is often not enough, so you use your entropy pool to seed
> a pRNG. Bind, for example, ends up using OpenSSL.
Fair enough, but I consider key generation "outside the DNS protocol".
Named isn't generating the key(s), you use tools to do that. So yes,
those tools need an RNG.
> Certified versions of OpenSSL do have Dual_EC_DRBG, although its not
> by default (or is it?).
It historically has been present; I do not know if it's the default RNG
or not.
> The threat is probably a lot less, however, since everything else
> signed in DNSSEC-land is deterministic, and even if Dual_EC_DRBG was
> used, hopefully the raw stream doesn't leak (the backdoor requires
> seeing some of the random output to make it predictable).
This was my point.
> Nicholas Weaver it is a tale, told by an idiot,
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
