Ted Lemon wrote:

> Brian, what you said about the crypto is right but there are definitely
> opportunities to compromise trust at the tlds. I don't think it's wise to
> ignore this type of attack. However, in order to make such an attack, you
> have to do things which can be noticed (e.g. signing a zone delegation with
> a forged key).

If a parent zone administrator or some employee of it is
compromised and a forged zone delegation (with an IP address
of a forged nameserver using forged public/secret keys)
is signed by a valid key, it will not be noticed easily.

> So the threat model for a viable DNSSEC attack is quite a bit different
> than for a recursive resolver attack, and is not something that could be
> easily effected by a small entity.

Merely because the message ID is short, which can be improved,
which is a lot easier than deploying such costly DNSSEC.

> And unlike
> a resolver attack, it is possible to detect a DNSSEC attack by
> comparing known keys to detect a compromise.

If a resolver has some knowledge of the contents of an attacked zone, such
as IP addresses of some servers or some DNSSEC keys, it can detect
a DNS (both resolver and DNSSEC) attack by comparing, unless
an attacker knows the IP addresses of the detecting resolvers and
returns unforged answers to them. So?

Unlike that, birthday attacks on resolvers are trivially detectable
by the resolvers.

                                                Masataka Ohta

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
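An added example, not part of the thread above and not code by any of its participants, illustrating the two detection points argued over: a birthday-style attack that floods a resolver with guessed 16-bit message IDs leaves a pile of responses the resolver never asked for, which it can count; and a resolver that already knows some zone content can compare an accepted answer against it. The resolver model, the names, addresses, ports and the `MISMATCH_THRESHOLD` value are constructed assumptions; no real DNS wire format is parsed.

```python
"""Toy resolver model (added example, not from the DNSOP thread).

Shows (1) why guessing the 16-bit message ID is visible to the resolver as a
burst of ID-mismatched responses, and (2) the 'compare against known content'
check.  All names, addresses, ports and the threshold are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed: benign traffic rarely yields this many ID-mismatched responses for one name.
MISMATCH_THRESHOLD = 10


@dataclass(frozen=True)
class Response:
    qname: str
    msg_id: int      # 16-bit DNS message ID
    dst_port: int    # UDP port the response was sent to
    rdata: str       # A record data


@dataclass
class Resolver:
    # (qname, port) -> message ID of the query still awaiting an answer
    outstanding: dict = field(default_factory=dict)
    # qname -> count of responses that matched no outstanding (qname, port, id)
    mismatches: defaultdict = field(default_factory=lambda: defaultdict(int))
    # qname -> rdata accepted because ID and port matched
    accepted: dict = field(default_factory=dict)
    # qname -> rdata the operator pinned in advance (constructed knowledge of the zone)
    known: dict = field(default_factory=dict)

    def send_query(self, qname: str, msg_id: int, port: int) -> None:
        self.outstanding[(qname, port)] = msg_id

    def receive(self, r: Response) -> bool:
        """Accept only a response matching an outstanding query; count everything else."""
        key = (r.qname, r.dst_port)
        if self.outstanding.get(key) != r.msg_id:
            self.mismatches[r.qname] += 1
            return False
        del self.outstanding[key]
        self.accepted[r.qname] = r.rdata
        return True

    def spoofing_suspected(self, qname: str) -> bool:
        """ID guessing shows up as many mismatched responses for a single name."""
        return self.mismatches[qname] >= MISMATCH_THRESHOLD

    def contradicts_known(self, qname: str) -> bool:
        """Comparison check: an accepted answer that disagrees with pinned content."""
        return (qname in self.known and qname in self.accepted
                and self.known[qname] != self.accepted[qname])


def simulate(num_forged: int = 500) -> dict:
    """Run one constructed attack scenario and return what the resolver observed."""
    res = Resolver()
    res.known["ns.example."] = "192.0.2.1"      # constructed pinned address
    res.send_query("www.example.", msg_id=0x1234, port=5353)
    # Attacker floods forged answers with sequential ID guesses 0..num_forged-1;
    # the port is assumed known to the attacker (worst case for the resolver).
    forged_ok = sum(res.receive(Response("www.example.", i, 5353, "198.51.100.66"))
                    for i in range(num_forged))
    genuine_ok = res.receive(Response("www.example.", 0x1234, 5353, "192.0.2.10"))
    # A forged answer that does match ID and port is still caught by the content comparison.
    res.send_query("ns.example.", msg_id=0x0042, port=5354)
    res.receive(Response("ns.example.", 0x0042, 5354, "198.51.100.66"))
    return {
        "mismatches": res.mismatches["www.example."],
        "spoofing_suspected": res.spoofing_suspected("www.example."),
        "forged_accepted": forged_ok,
        "genuine_accepted": genuine_ok,
        "www_answer": res.accepted["www.example."],
        "ns_contradicts_known": res.contradicts_known("ns.example."),
    }


if __name__ == "__main__":
    print(simulate())
```

With 500 guesses against the ID 0x1234 none lands, the genuine answer is accepted, and the resolver has logged 500 unsolicited responses for one name, which is the kind of signal the "trivially detectable" claim rests on. The second scenario shows the limit of the ID check alone and why the content comparison is a separate, independent test.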