Brian Dickson wrote:
>>>Ok. But when you resign using arbitrary data controlled by the
>>>attacker, the private key can be obtained. [There is a crypto attack on
>>>rekeying] OOPS!!. Rekeying is out of the question for, say, .com, .net,
>>>etc. I guess you didn't know that.
>>Correction: The above should say there is a crypto attack on re-SIGNing.
>>ReKEYing is fine. Apologies for the confusion I just created.
> You say there is a crypto attack on re-signing.
Do you know something about recent re-signing attack against Red
Hat Linux distributions?
> One using arbitrary data provided by the attacker - what is the
> "arbitrary" data, as opposed to some other kind of data?
"Arbitrary" forged data with forged, but, seemingly valid, signature
on them, which is possible by attackers, including but not limited to
those who knows the private key, having access to signature generation
mechanisms.
DNSSEC is not cryptographically secure against MitM attacks on
intermediate entities of zones.
PKI is not cryptographically secure against MitM attacks on
intermediate entities of CAs.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
