On Fri, Mar 28, 2014 at 9:01 AM, Tony Finch <[email protected]> wrote: > Paul Wouters <[email protected]> wrote: > > > On Thu, 27 Mar 2014, Nicholas Weaver wrote: > > > > > For an attacker, the root ZSK is not 1 month validity, since an > attacker > > > who's in a position to take advantage of such a ZSK compromise is > going to > > > be faking all of DNS for the target, and can therefore just as easily > also > > > fake NTP, ensuring that the attacker's key is still valid for most > victims. > > > > Than you have lost forever because we have used a 1024 key in the past. > > You can always NTP attack them to today's 1024 key, and no increase in > > key size in the future will help you. > > I have a rough plan for how to avoid the insecure time replay > vulnerability: > http://www.ietf.org/mail-archive/web/dnsop/current/msg11245.html
Why is this needed? Code is only vulnerable if it trusts 1024bit RSA. Code should not trust 1024bit RSA. Therefore ICANN needs to sign the root zone with 2048 before we consider it signed. End of story. -- Website: http://hallambaker.com/
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
