[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: private algorithms and the DS record

To: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: private algorithms and the DS record
From: David Blacka <davidb@verisignlabs.com>
Date: Wed, 22 Dec 2004 10:37:26 -0500
Cc: Samuel Weiler <weiler@tislabs.com>, namedroppers@ops.ietf.org
In-reply-to: <a06110401bdef40327a4f@[10.31.32.75]>
Organization: VeriSign, Inc.
References: <41C1ED4A.1060606@verisignlabs.com> <a06110402bdecf217c1a3@[10.31.32.75]> <Pine.GSO.4.55.0412211040400.11377@filbert> <a06110404bdedfb585eae@[10.31.32.75]> <41C9862D.1020408@verisignlabs.com> <a06110401bdef40327a4f@[10.31.32.75]>
User-agent: Mozilla Thunderbird 0.9 (X11/20041127)

Edward Lewis wrote:

At 9:35 -0500 12/22/04, David Blacka wrote:
There is still potential for a security problem, here, I think.
If an implementation pulls the private algorithm name from the DNSKEY and eliminate the DNSKEY and DS before actually computing the SHA1 hash of the DNSKEY.
I'm not following...(maybe I'm context switching too much)...can you elaborate?

Sure. Remember that, in the absence of private algorithms the implied algorithm is:

1) get a referral containing a DS set. 2) for each DS, check the algorithm. If you do not recognize the algorithm, remove it from consideration. 3) if there are still DSs in consideration, then the subzone must be signed. if there aren't DSs in consideration (i.e., no supported algorithms), consider the zone unsigned (or follow local policy, whatever) 4) fetch the DNSKEYs from the subzone, match DSs to DNSKEYs.

In the presence of private algorithms, the temptation might be to replace step 2 with:

2) for each DS, check the algorithm. If you understand a private algorithm, and one of the DSs uses a private algorithm, fetch the DNSKEY set from the child, find the correct key via algorithm and keyid, pull the private algorithm name and continue as before.

I.e., do the minimum amount of work to satisfy the requirements of step 2.

Where the safe thing to do is: .. find the correct key via algorithm and keyid, make certain the DS hash matches the DNSKEY key ..

The difference between doing the safe thing and not is currently an awareness of this safety issue. Right now, the only way a future implementer would be aware of this issue (and how to handle private algorithm, period, for that matter) is to either read the namedroppers archives, or to recreate this analysis.

Maybe it will never come up. Or maybe all implementers of DNSSEC will have read this thread when it was posted.

--
David Blacka    <davidb@verisignlabs.com>
Sr. Engineer    VeriSign Applied Research

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: private algorithms and the DS record
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

References:
- private algorithms and the DS record
  - From: David Blacka <davidb@verisignlabs.com>
- Re: private algorithms and the DS record
  - From: Edward Lewis <Ed.Lewis@neustar.biz>
- Re: private algorithms and the DS record
  - From: Samuel Weiler <weiler@tislabs.com>
- Re: private algorithms and the DS record
  - From: Edward Lewis <Ed.Lewis@neustar.biz>
- Re: private algorithms and the DS record
  - From: David Blacka <davidb@verisignlabs.com>
- Re: private algorithms and the DS record
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

Prev by Date: Re: private algorithms and the DS record
Next by Date: Re: private algorithms and the DS record
Previous by thread: Re: private algorithms and the DS record
Next by thread: Re: private algorithms and the DS record
Index(es):
- Date
- Thread