> On 27 Jul 2018, at 11:32 am, Mark Andrews <[email protected]> wrote: > > > >> On 27 Jul 2018, at 10:37 am, Paul Hoffman <[email protected]> wrote: >> >> On 26 Jul 2018, at 10:25, Ondřej Surý wrote: >> >>>> If the ZONEMD record is signed, the only person who can mount a collision >>>> attack is the zone owner themselves. If the ZONEMD record is unsigned, an >>>> attacker can just remove it. >>> >>> I believe, that’s not true. The ZONEMD can stay intact while the attacker >>> would modify the unsigned parts of the zone to create a same checksum, but >>> different contents? He might be targeting just this particular zone and >>> it’s delegation, so everything else is throw-away junk that can be modified. >>> >>>> What is the attack you are envisioning? >> >> You didn't answer the last question. It sounds like you want it as a >> signature over the entire zone. If so, then I fully agree that using hash >> algorithms that have known collision attacks is a very bad idea. But I also >> think that using ZONEMD as a strong signature is a bad idea: that's what >> signing algorithms are for. > > ZONEMD and XHASH can both be modelled as a cryptographic hash (NSEC3) or > cryptographic hash + signature (RRSIG). The later will take less space in > the zone but more work to update when the signature expires. Either model > will prevent record changes.
The RRSIG model is the equivalent of a PGP detached signature which signs the hash of the document (or a series of detached signatures in the XHASH case). For ZONEMD the RRSIG model is better as it requires the consumer to do the cryptographic signature check. For XHASH the RRSIG model is definitely better for space reasons + it requires the consumer to do the cryptographic signature check (call it XSIG). In either case I would just use the SIG/RRSIG record format. Mark >> --Paul Hoffman >> >> _______________________________________________ >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
