On Mon, Jul 10, 2017 at 2:53 PM, Shumon Huque <shu...@gmail.com> wrote:
> On Mon, Jul 10, 2017 at 1:50 PM, Bob Harold <rharo...@umich.edu> wrote:
>
>>
>> On Tue, Jul 4, 2017 at 11:42 AM, Shumon Huque <shu...@gmail.com> wrote:
>>
>>> Hi folks,
>>>
>>> We've posted a new draft on algorithm negotiation which we're hoping to
>>> discuss at IETF99 (and on list of course). I've discussed this topic with
>>> several folks at DNS-OARC recently.
>>>
>>> https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00
>>>
>>> --
>>> Shumon Huque
>>>
>>>
>> I like the idea. I am not a DNSSEC expert, but wondering in section 7,
>> paragraph:
>>
>> In order to detect such attacks, the client SHOULD compare the zone
>> signing algorithms listed in the zone's authenticated DNSKEY RRset,
>> and the preferred list in the query that it sent, to the algorithms
>> seen in the response signatures. If signatures by the most preferred
>> algorithm they have in common have not been sent, this may indicate
>> an algorithm downgrade attack.
>>
>> Can there be 'pre-published' DNSKEYs that are not used for signing yet,
>> so would not be available for response signatures?
>>
>
> Hi Bob,
>
> Very good question. Yes, there certainly can be. If the pre-published key's
> algorithm is higher strength than the others, then it could cause the
> resolver to mistakenly deduce an algorithm downgrade attack might be in
> progress. I think this argues that we really do need the new zone apex
> (active) algorithms list record - which we already were thinking of
> proposing - in the last paragraph of Section 7.
>

Replying to my own message (sorry!) .. It occurs to me that RFC 4035 and RFC 6781 both say that zone data currently need to be signed by a key of each algorithm in the DNSKEY RRset. So perhaps you can't pre-publish a key of a new algorithm. This draft, if adopted, may also have to qualify some existing language (e.g. distinguishing an authoritative server _having_ signatures of each algorithm, from selectively _returning_ signatures of a specific algorithm, if signaled).

--
Shumon Huque

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
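
The Section 7 comparison quoted in the thread, and the false alarm Bob's question points at, as an added example that is not part of the thread or the draft. The function names, the `active_algs` parameter (standing in for the proposed zone apex active algorithms list) and the sample data are assumptions; the scenario assumes a key of a new algorithm has been published but is not yet signing.

```python
# Added illustration; names and sample data are constructed, not from the draft.
from typing import Iterable, Optional

# IANA DNSSEC algorithm numbers used in the sample data below.
RSASHA256, ECDSAP256SHA256, ED25519 = 8, 13, 15


def expected_algorithm(preferred: Iterable[int], zone_algs: Iterable[int]) -> Optional[int]:
    """Most preferred algorithm (in client order) that the zone also lists."""
    zone = set(zone_algs)
    for alg in preferred:
        if alg in zone:
            return alg
    return None


def possible_downgrade(preferred, dnskey_algs, rrsig_algs, active_algs=None) -> bool:
    """Flag a response that lacks a signature by the most preferred common algorithm.

    dnskey_algs: algorithms in the zone's authenticated DNSKEY RRset.
    rrsig_algs:  algorithms of the signatures seen in the response.
    active_algs: hypothetical authenticated list of algorithms the zone is
                 actually signing with; when given, it replaces dnskey_algs.
    """
    zone_algs = dnskey_algs if active_algs is None else active_algs
    want = expected_algorithm(preferred, zone_algs)
    return want is not None and want not in set(rrsig_algs)


# Constructed scenario: the client prefers Ed25519, then ECDSA P-256, then RSA.
PREFERRED = [ED25519, ECDSAP256SHA256, RSASHA256]
# The zone signs with ECDSA and RSA; an Ed25519 key is published but not signing yet.
DNSKEY_ALGS = [RSASHA256, ECDSAP256SHA256, ED25519]
ACTIVE_ALGS = [RSASHA256, ECDSAP256SHA256]
HONEST_RRSIGS = [ECDSAP256SHA256]  # best algorithm the zone really signs with
WEAKER_RRSIGS = [RSASHA256]        # response carrying only the less preferred signature

if __name__ == "__main__":
    # DNSKEY RRset alone: the pre-published key makes an honest answer look suspicious.
    print(possible_downgrade(PREFERRED, DNSKEY_ALGS, HONEST_RRSIGS))
    # With the active list the honest answer passes and the weaker one is still flagged.
    print(possible_downgrade(PREFERRED, DNSKEY_ALGS, HONEST_RRSIGS, ACTIVE_ALGS))
    print(possible_downgrade(PREFERRED, DNSKEY_ALGS, WEAKER_RRSIGS, ACTIVE_ALGS))
```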