[dnssec-deployment] DNSSEC in Russia
Ed.Lewis at neustar.biz
Thu Apr 2 16:59:15 EDT 2009
At 13:18 -0700 4/2/09, Paul Hoffman wrote:
>...with a signature algorithm that has had little cryptographic analysis done
>that could be verified by other cryptographers (and for which there is
>already some damaging analysis that can be found trivially with Google).
>Why should the root sign with such an algorithm?
Why shouldn't it? DNSSEC is a mechanism for the relying party to
verify that the data they have received in response to a query is
complete and true to the source. It is up to the verifier's policy
to decide what is and what is not an acceptable means to achieve this.
If you restrict the signing to select algorithms you 1) are setting
up an exclusionary policy that will be put under review and 2) are
restricting the choice of local policy by the verifiers.
I can't seen any upside, other than minimizing the size of the root
zone and traffic, to being restrictive.
>If a zone wants to sign with an algorithm other than what everyone else is
>using, that's fine. Users of that algorithm that cannot use any other
>algorithm can load the highest-level zones signed with it in their trust
I can't respond to that, I don't understand your point.
>Adding additional algorithms, particularly ones that have not been studied
>much, to resolvers gives attackers new ways to break the security of DNSSEC.
>That doesn't seem like a good idea.
"Not studied much" by whom? Who decides? I can't get a straight
answer from a cryptographer about what's a suitable key length in
RSA, much less an answer about the soundness of an algorithm.
I don't agree that the presence of an algorithm in a zone lowers the
security of a zone relative to the other algorithms in it. The
verifier has the final say.
NeuStar You can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.
More information about the Dnssec-deployment