[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: private algorithms and the DS record
At 10:49 -0500 12/21/04, Samuel Weiler wrote:
Doesn't the DS hash already cover the name of the
algorithm, which is carried in the DNSKEY?
There is that safety net, yes. Maybe all hope is not lost.
The validator doesn't need
to check the RRSIG(DNSKEY), just match the DNSKEY to the DS.
One factoid that's been bandied about is that the RRSIG(DNSKEY)
provides two functions. It enables the KSK/ZSK model of key
management. It also provides a time-limiting/revocation-like
function, i.e., if there is no RRSIG(DNSKEY) then the DNSKEY set is
worthless to validation. If you can't make heads or tails of the
key's algorithm, the key is of no value to you, the fact that this
makes the RRSIG(DNSKEY) for it also unintelligible is unimportant.
someone could substitute in a DNSKEY with a different private
algorithm name, but, unless these cryptographic hashes aren't worth
the money we're paying for them, the DS won't match whatever the
attackers generate, right?
I suppose that's the case. I wonder - if you have a 2048 bit key for
a private algorithm and a 160 bit hash, I'd be pretty free to find a
2048 bit sequence to put at the end of a domain name to cook up a
result. For the mathematicians, just how good is SHA-1.
(Yes, I know, here we go again with the crypto fans touting how good
SHA-1 is. ;))
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
"A noble spirit embiggens the smallest man." - Jebediah Springfield
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>