Brian Dickson wrote:

>>>Ok. But when you resign using arbitrary data controlled by the
>>>attacker, the private key can be obtained. [There is a crypto attack on
>>>rekeying] OOPS!!. Rekeying is out of the question for, say, .com, .net,
>>>etc. I guess you didn't know that.

>>Correction: The above should say there is a crypto attack on re-SIGNing.
>>ReKEYing is fine. Apologies for the confusion I just created.

> You say there is a crypto attack on re-signing.

Do you know something about recent re-signing attack against Red Hat Linux distributions?

> One using arbitrary data provided by the attacker - what is the
> "arbitrary" data, as opposed to some other kind of data?

"Arbitrary" forged data with forged, but, seemingly valid, signature on them, which is possible by attackers, including but not limited to those who know the private key, having access to signature generation mechanisms.

DNSSEC is not cryptographically secure against MitM attacks on intermediate entities of zones.

PKI is not cryptographically secure against MitM attacks on intermediate entities of CAs.

Masataka Ohta