BIND and OpenSSL's RSA signature forging issue

Ben Laurie ben at algroup.co.uk
Fri Sep 8 06:40:44 EDT 2006


I've just noticed that BIND is vulnerable to:

http://www.openssl.org/news/secadv_20060905.txt

Executive summary:

RRSIGs can be forged if your RSA key has exponent 3, which is BIND's
default. Note that the issue is in the resolver, not the server.

Fix:

Upgrade OpenSSL.

Issue:

Since I've been told often that most of the world won't upgrade
resolvers, presumably most of the world will be vulnerable to this
problem for a long time.

Solution:

Don't use exponent 3 anymore. This can, of course, be done server-side,
where the responsible citizens live, allegedly.

Side benefit:

You all get to test emergency key roll! Start your motors, gentlemen!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



More information about the Dnssec-deployment mailing list