BIND and OpenSSL's RSA signature forging issue
ben at algroup.co.uk
Fri Sep 8 06:40:44 EDT 2006
I've just noticed that BIND is vulnerable to:
RRSIGs can be forged if your RSA key has exponent 3, which is BIND's
default. Note that the issue is in the resolver, not the server.
Since I've been told often that most of the world won't upgrade
resolvers, presumably most of the world will be vulnerable to this
problem for a long time.
Don't use exponent 3 anymore. This can, of course, be done server-side,
where the responsible citizens live, allegedly.
You all get to test emergency key roll! Start your motors, gentlemen!
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the Dnssec-deployment