On Mon, Oct 28, 2013 at 04:57:46PM +0100, Marc Lampo wrote:
> How could a "local time problem" lead to using an "expired (zone) key" for
> arbitrary data of the zone ?

There is a genuine theoretical concern here, but IMHO it's unrealistic.

Imagine some shadowy omnipotent organization has tapped your connection to the internet and controls every packet you send and receive. Your router box (or other embedded device lacking an RTC battery) boots and requests the current time via NTP. The bad guys send a forged response indicating a time in the past, then they answer all DNS queries by replaying data that were captured at that time: the answers *used* to be valid, but they aren't anymore. Now suppose this no-longer-valid data includes a TLSA record for a certificate that's been compromised and revoked since then...?

I can't see this as realistic for several reasons - among them, that it's easily detectable by anyone who happens to compare the clock on their router to what it says on their calendar, and I presume a shadowy omnipotent organization would have a strong preference for undetectability.

I'd prefer "provably impossible" to "insanely impractical" if I had a choice in the matter, but the truth is, any adversary with the resources to pull this off would certainly have cheaper alternatives.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
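The validator-side logic behind the scenario above, as an added example that is not code from this thread or from any ISC product: it checks an RRSIG validity window with the 32-bit serial-number arithmetic RFC 4034 prescribes, then shows that a clock rolled back by a forged NTP reply makes a stale, replayed signature look valid unless the resolver also refuses clocks earlier than a known lower bound (the "compare the clock to the calendar" check). The device, the dates and the helper names are constructed assumptions.

```python
import calendar
import time

SERIAL_BITS = 2 ** 32
HALF = 2 ** 31


def serial_lt(a, b):
    """RFC 1982 serial comparison: a < b iff b is less than 2^31 ahead of a (mod 2^32)."""
    d = (b - a) % SERIAL_BITS
    return 0 < d < HALF


def rrsig_time(text):
    """Parse an RRSIG presentation-format time (YYYYMMDDHHmmSS, UTC) into 32-bit seconds."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S")) % SERIAL_BITS


def rrsig_in_window(inception, expiration, now):
    """RFC 4035 5.3.1: the signature is usable only if inception <= now <= expiration."""
    return not serial_lt(now, inception) and not serial_lt(expiration, now)


def validate_with_clock_check(inception, expiration, now, min_plausible):
    """Same check, but first reject a clock earlier than a lower bound the device trusts.

    min_plausible is assumed to be something like the firmware build time, which a
    device without an RTC battery can embed; no honest NTP answer can predate it."""
    if serial_lt(now, min_plausible):
        return "clock-implausible"
    return "valid" if rrsig_in_window(inception, expiration, now) else "expired"


def replay_scenario():
    """Constructed replay: a January RRSIG replayed in October after the clock is rolled back."""
    inception = rrsig_time("20130101000000")      # constructed RRSIG window
    expiration = rrsig_time("20130131000000")
    firmware_build = rrsig_time("20130601000000")  # assumed lower bound baked into the device
    true_now = rrsig_time("20131028000000")        # the real date of the query
    forged_now = rrsig_time("20130115000000")      # what the forged NTP reply claimed
    return {
        "honest_clock": validate_with_clock_check(inception, expiration, true_now, firmware_build),
        "rolled_back_no_check": "valid" if rrsig_in_window(inception, expiration, forged_now) else "expired",
        "rolled_back_with_check": validate_with_clock_check(inception, expiration, forged_now, firmware_build),
    }


if __name__ == "__main__":
    for case, verdict in replay_scenario().items():
        print(f"{case}: {verdict}")
```

The lower-bound check only catches clocks set into the past; it does nothing against a forged time in the future, which is why it is a detection aid rather than the "provably impossible" guarantee the reply wishes for.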