On Mon, Jul 10, 2017 at 1:50 PM, Bob Harold <rharo...@umich.edu> wrote:

>
> On Tue, Jul 4, 2017 at 11:42 AM, Shumon Huque <shu...@gmail.com> wrote:
>
>> Hi folks,
>>
>> We've posted a new draft on algorithm negotiation which we're hoping to
>> discuss at IETF99 (and on list of course). I've discussed this topic with
>> several folks at DNS-OARC recently.
>>
>>     https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00
>>
>> --
>> Shumon Huque
>>
>>
> I like the idea.  I am not a DNSSEC expert, but wondering in section 7,
> paragraph:
>
>    In order to detect such attacks, the client SHOULD compare the zone
>    signing algorithms listed in the zone's authenticated DNSKEY RRset,
>    and the preferred list in the query that it sent, to the algorithms
>    seen in the response signatures.  If signatures by the most preferred
>    algorithm they have in common have not been sent, this may indicate
>    an algorithm downgrade attack.
>
> Can there be 'pre-published' DNSKEYs that are not used for signing yet, so
> would not be available for response signatures?
>

Hi Bob,

Very good question. Yes, there certainly can be. If the pre-published key's
algorithm is higher strength than the others, then it could cause the
resolver to mistakenly deduce an algorithm downgrade attack might be in
progress. I think this argues that we really do need the new zone apex
(active) algorithms list record - which we already were thinking of
proposing - in the last paragraph of Section 7.

> And perhaps a really dumb off-topic question:
> I do not use DNSSEC yet, mostly due to time and effort, secondly due to
> concern over the additional size and processing.  Is it possible for me to
> start with a new, rarely implemented, algorithm with shorter records, that
> most resolvers won't understand yet, and have those that don't understand
> it treat the zone as unsigned?  Or will it break everything?  (Section 5
> sounds like it breaks)
>

(Only) Unknown algorithms will currently cause resolvers to treat the zone
as unsigned (fail open). So, nothing will break, but resolvers that don't
understand the new algorithm won't authenticate the signatures and the
benefit of DNSSEC is lost.

-- 
Shumon Huque
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
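
The downgrade check quoted from Section 7, and the pre-published key false positive discussed in the reply, as an added Python example that is not code from the draft or from either poster. The `active_algs` parameter is a hypothetical stand-in for the proposed zone apex (active) algorithms list, whose format the thread does not define; the sample values are constructed.

```python
# Added illustration; sample values below are constructed, not from the draft.
# Algorithm numbers are IANA DNSSEC algorithm numbers.
RSASHA256, ECDSAP256SHA256, ED25519 = 8, 13, 15


def most_preferred_common(client_pref, zone_algs):
    """Return the first algorithm in the client's preference order that the
    zone also offers, or None if there is no overlap."""
    for alg in client_pref:
        if alg in zone_algs:
            return alg
    return None


def downgrade_suspected(client_pref, dnskey_algs, rrsig_algs, active_algs=None):
    """Section 7 style check: flag the response if the most preferred common
    algorithm did not sign it.

    active_algs is a hypothetical stand-in for the proposed zone apex
    (active) algorithms list. When present, only DNSKEY algorithms that are
    also listed as active are expected to produce signatures.
    """
    zone_algs = set(dnskey_algs)
    if active_algs is not None:
        zone_algs &= set(active_algs)
    expected = most_preferred_common(client_pref, zone_algs)
    return expected is not None and expected not in set(rrsig_algs)


if __name__ == "__main__":
    pref = [ED25519, ECDSAP256SHA256, RSASHA256]      # sent in the query
    dnskeys = {RSASHA256, ECDSAP256SHA256, ED25519}   # ED25519 key is pre-published
    active = {RSASHA256, ECDSAP256SHA256}             # algorithms actually signing

    # Honest response signed with ECDSA: flagged without the active list.
    print(downgrade_suspected(pref, dnskeys, {ECDSAP256SHA256}))          # True
    print(downgrade_suspected(pref, dnskeys, {ECDSAP256SHA256}, active))  # False
    # Response stripped down to RSA signatures only: still flagged.
    print(downgrade_suspected(pref, dnskeys, {RSASHA256}, active))        # True
```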