* Mukund Sivaraman [2017-01-04 19:24]:
> Assume an attacker is able to spoof answers, which is where DNSSEC
> validation helps. If a ZSK is leaked, it becomes a problem only when an
> attacker is able to spoof answers (i.e., perform the attack).
>
> What you're saying is that with a special NSEC3-only DNSKEY compromise,
> "attacker can only fake an NXDOMAIN". If an attacker can fake NXDOMAINs
> and get the resolver to accept them, that's as bad. The attacker can
> deny all answers in the zone by presenting valid negative answers. This
> is why we have proof of non-existence that needs to be securely
> validated. A special NSEC3-only-DNSKEY's compromise isn't a better
> situation than a ZSK compromise.
You're right if you're only considering denial of service. If you take phishing or email hijacking into account, an NSEC3-only compromise is a better situation than a ZSK compromise (or at least a different attack class, whether or not better).

With DANE, however, it's not just denial of service anymore: NXDOMAIN spoofing cancels the protection provided by DANE.

So we have the cost of a protocol change vs. the benefit of protecting from bogus records (but not from DoS or DANE downgrade)...

Regards,
Matt
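To make the distinction the two messages are arguing about concrete, here is a constructed model (added example, not code from the DNSOP thread or from any DNSSEC implementation) of what a validating resolver would accept under two compromise scenarios: a leaked ZSK versus a leaked hypothetical "NSEC3-only" DNSKEY that the resolver trusts only for NSEC3 records. HMAC-SHA256 stands in for RRSIG/DNSKEY verification, the RRset encoding is a toy canonical form, and the TLSA name, rdata and key names are all made up; the assumed client behaviour is that a validated denial of existence for the TLSA name means "no DANE, fall back to ordinary TLS", which is the downgrade Matt points at.

```python
"""Toy model of ZSK vs. NSEC3-only key compromise and its effect on DANE.

Constructed example. HMAC-SHA256 with a shared secret stands in for
public-key RRSIG verification: it is enough to model "who can produce a
signature that this validator accepts". Key roles, RRset shapes and TLSA
handling are deliberately simplified.
"""
import hashlib
import hmac
from dataclasses import dataclass

ZSK = "zsk"
NSEC3_ONLY = "nsec3-only"   # hypothetical restricted role from the thread


@dataclass(frozen=True)
class Key:
    name: str
    role: str
    secret: bytes


def _canonical(rrset):
    # rrset = (owner, rtype, tuple_of_rdata); a fixed encoding is what gets signed
    owner, rtype, rdata = rrset
    return f"{owner.lower()}|{rtype}|{'|'.join(rdata)}".encode()


def sign(key, rrset):
    """Produce a toy RRSIG: (signing key name, MAC over the canonical RRset)."""
    mac = hmac.new(key.secret, _canonical(rrset), hashlib.sha256).hexdigest()
    return (key.name, mac)


class Validator:
    """Holds the zone's trusted keys and enforces the per-role restriction."""

    def __init__(self, keys):
        self.keys = {k.name: k for k in keys}

    def validates(self, rrset, rrsig):
        key_name, mac = rrsig
        key = self.keys.get(key_name)
        if key is None:
            return False
        # The whole point of the restricted key: only trusted for NSEC3 records.
        if key.role == NSEC3_ONLY and rrset[1] != "NSEC3":
            return False
        expected = hmac.new(key.secret, _canonical(rrset), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)


def dane_decision(validator, response):
    """Model a DANE-aware client deciding how to treat a TLSA lookup.

    response is {'rrset': ..., 'rrsig': ...} for a positive answer or
    {'nsec3': ..., 'rrsig': ...} for a denial of existence.
    Returns 'dane-authenticated', 'bogus' or 'no-tlsa-fallback'.
    """
    if "rrset" in response:
        ok = validator.validates(response["rrset"], response["rrsig"])
        return "dane-authenticated" if ok else "bogus"
    ok = validator.validates(response["nsec3"], response["rrsig"])
    # A validated denial means "no TLSA record": the client falls back to
    # non-DANE behaviour. That is the downgrade described in the thread.
    return "no-tlsa-fallback" if ok else "bogus"


# Constructed zone material (all values made up for the example)
ZSK_KEY = Key("zsk-1", ZSK, b"constructed-zsk-secret")
NSEC3_KEY = Key("nsec3-1", NSEC3_ONLY, b"constructed-nsec3-secret")
TLSA_NAME = "_25._tcp.mail.example."
LEGIT_TLSA = (TLSA_NAME, "TLSA", ("3 1 1 constructed-cert-hash",))
FORGED_TLSA = (TLSA_NAME, "TLSA", ("3 1 1 attacker-cert-hash",))
FORGED_DENIAL = ("hashed-owner", "NSEC3", ("constructed denial covering " + TLSA_NAME,))


def outcomes():
    """What the validator accepts in each scenario; see the assertions in the test."""
    v = Validator([ZSK_KEY, NSEC3_KEY])
    return {
        "legit TLSA, signed by ZSK":
            dane_decision(v, {"rrset": LEGIT_TLSA, "rrsig": sign(ZSK_KEY, LEGIT_TLSA)}),
        # Leaked ZSK: a forged positive TLSA record validates (phishing/MITM class).
        "forged TLSA, leaked ZSK":
            dane_decision(v, {"rrset": FORGED_TLSA, "rrsig": sign(ZSK_KEY, FORGED_TLSA)}),
        # Leaked NSEC3-only key: a forged positive record is rejected as bogus ...
        "forged TLSA, leaked NSEC3-only key":
            dane_decision(v, {"rrset": FORGED_TLSA, "rrsig": sign(NSEC3_KEY, FORGED_TLSA)}),
        # ... but a forged denial validates, which is enough to strip DANE.
        "forged denial, leaked NSEC3-only key":
            dane_decision(v, {"nsec3": FORGED_DENIAL, "rrsig": sign(NSEC3_KEY, FORGED_DENIAL)}),
    }


if __name__ == "__main__":
    for scenario, result in outcomes().items():
        print(f"{scenario:40s} -> {result}")
```

The four outcomes line up with the thread: the restricted key cannot be used to put a bogus TLSA (or A, MX, ...) record in front of a validating client, which is Matt's point about phishing and hijacking being a different attack class, but a validated forged denial still reaches the "no TLSA, fall back" branch, which is why both messages agree that negative answers need to be protected as strongly as positive ones once DANE is in the picture.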
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
