Ted Lemon wrote:

> Brian, what you said about the crypto is right but there are definitely opportunities to compromise trust at the TLDs. I don't think it's wise to ignore this type of attack. However, in order to make such an attack, you have to do things which can be noticed (e.g. signing a zone delegation with a forged key).

If a parent zone administrator or some employee of it is compromised and a forged zone delegation (with an IP address of a forged nameserver using forged public/secret keys) is signed by a valid key, it will not be noticed easily.

> So the threat model for a viable DNSSEC attack is quite a bit different than for a recursive resolver attack, and is not something that could be easily effected by a small entity.

Merely because the message ID is short, which can be improved, which is a lot easier than deploying such costly DNSSEC.

> And unlike a resolver attack, it is possible to detect a DNSSEC attack by comparing known keys to detect a compromise.

If a resolver has some knowledge of the contents of an attacked zone, such as IP addresses of some servers or some DNSSEC keys, it can detect a DNS (both resolver and DNSSEC) attack by comparing, unless an attacker knows the IP addresses of the detecting resolvers and returns unforged answers to them. So?

Unlike that, birthday attacks on resolvers are trivially detectable by the resolvers.

Masataka Ohta
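The last point of the reply, that a resolver can trivially notice a birthday attack, rests on the fact that a blind spoofer must send many responses that fail the resolver's own matching check. The following is an added illustration, not code from the thread or from any resolver: a toy resolver-side matcher that accepts a response only if its transaction ID, destination port and question match an outstanding query, and raises an alert once the rejected responses for one question pass a threshold. The message layout is a minimal DNS header plus question; the class and function names, the threshold, and the sample query are assumptions made for the example.

```python
import struct
from collections import defaultdict

def build_message(txid, qname, response=True):
    """Construct a minimal DNS message: 12-byte header plus one question (sample data)."""
    flags = 0x8180 if response else 0x0100          # QR bit set for responses
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + question + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def parse_header(pkt):
    """Return (txid, is_response, qname) from the header and first question."""
    txid, flags = struct.unpack("!HH", pkt[:4])
    labels, off = [], 12
    while pkt[off]:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels) + "."

class SpoofDetector:
    """Matches responses to outstanding queries and counts the failures (assumed design)."""
    def __init__(self, threshold=8):
        self.threshold = threshold
        self.outstanding = {}              # qname -> (txid, source port of the query)
        self.mismatches = defaultdict(int) # qname -> responses that failed the match
        self.alerts = set()

    def register_query(self, qname, txid, port):
        self.outstanding[qname] = (txid, port)

    def on_response(self, pkt, dst_port):
        txid, is_response, qname = parse_header(pkt)
        if not is_response or qname not in self.outstanding:
            return "drop"                  # nothing pending for this question
        if self.outstanding[qname] == (txid, dst_port):
            del self.outstanding[qname]
            return "accept"                # the one response that matches everything
        self.mismatches[qname] += 1        # a guess that missed: this is the signal
        if self.mismatches[qname] >= self.threshold:
            self.alerts.add(qname)
        return "reject"

def simulate_flood(n_spoofed=20, qname="www.example.com.", txid=0x1234, port=40000):
    """Feed n_spoofed guessed responses, then the real one; return (rejects, alerted, verdict)."""
    det = SpoofDetector()
    det.register_query(qname, txid, port)
    results = [det.on_response(build_message(i, qname), port) for i in range(n_spoofed)]
    verdict = det.on_response(build_message(txid, qname), port)
    return results.count("reject"), qname in det.alerts, verdict
```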