BIND and OpenSSL's RSA signature forging issue
Ben Laurie
ben at algroup.co.uk
Fri Sep 8 06:40:44 EDT 2006
I've just noticed that BIND is vulnerable to:
http://www.openssl.org/news/secadv_20060905.txt
Executive summary:
RRSIGs can be forged if your RSA key has exponent 3, which is BIND's
default. Note that the issue is in the resolver, not the server.
Fix:
Upgrade OpenSSL.
Issue:
Since I've been told often that most of the world won't upgrade
resolvers, presumably most of the world will be vulnerable to this
problem for a long time.
Solution:
Don't use exponent 3 anymore. This can, of course, be done server-side,
where the responsible citizens live, allegedly.
Side benefit:
You all get to test emergency key roll! Start your motors, gentlemen!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the Dnssec-deployment
mailing list