On Fri, Jul 21, 2017 at 10:24:35AM +0200, Petr Špaček wrote:
> On 19.7.2017 10:50, Francis Dupont wrote:
> >  In your previous mail you wrote:
> > 
> >>  NSEC needs no keys, only their RRSIGs would which wouldn't exist in
> >>  unsigned zones. In this case the unsigned NSEC would also not be part of
> >>  the zone (it would have to be synthesized and maintained outside the
> >>  zone).
> > 
> > => but it is created by an authoritative server, isn't it?
> > And as it is synthesized I can't see a good reason to use NSEC3 instead.
> > 
> >>  Because an unsigned/unauthenticated NSEC/NSEC3 has the potential to nix
> >>  entire zones, when it was discussed, Mark Andrews suggested that
> >>  requiring DNS COOKIE to further reduce the chance of cache poisoning
> >>  (more than source port randomization and random message ID) could be a
> >>  reasonable idea to think about.
> > 
> > => it adds a nonce so another (short) bunch of unpredictable bits.
> > As NSEC is not signed it is more than vulnerable to on-the-path attacks.
> > I am afraid it is first a massive zone destruction weapon and after
> > perhaps an optimization...
> 
> Oh yes, very good point Francis. Let me repeat that I'm against this
> proposal.

The zone is unsigned. An on-path attacker can do pretty much whatever he
pleases anyway including poisoning cache and denying service.

The addition of the cookie was to prevent the risk of an off-path attack
becoming a massive zone destruction weapon.

                Mukund
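To make the trade-off in this thread concrete, here is an added example (not code from this thread, BIND, or any resolver): a small Python model of the resolver-side acceptance checks on a UDP response. An off-path forger has to match the 16-bit message ID and the randomized source port; when the resolver also requires the DNS COOKIE option (EDNS option code 10, 8-byte client cookie plus 8-to-32-byte server cookie, per RFC 7873), it additionally has to match the 64-bit client cookie it never saw. The `PendingQuery` structure, function names and the sample cookie values are constructed for illustration.

```python
import os
import struct
from dataclasses import dataclass

# RFC 7873: EDNS option code 10 is COOKIE; the client cookie is 8 bytes and
# the server cookie is 8 to 32 bytes.
EDNS_OPTION_COOKIE = 10
CLIENT_COOKIE_LEN = 8
SERVER_COOKIE_MIN, SERVER_COOKIE_MAX = 8, 32


@dataclass
class PendingQuery:
    """What a resolver remembers about one outstanding UDP query (constructed model)."""
    msg_id: int            # 16-bit DNS message ID
    src_port: int          # randomized UDP source port of the query
    client_cookie: bytes   # 8-byte client cookie sent in the query's OPT RR


def new_pending_query():
    """Pick the three unpredictable values an off-path forger would have to guess."""
    return PendingQuery(
        msg_id=int.from_bytes(os.urandom(2), "big"),
        src_port=1024 + int.from_bytes(os.urandom(2), "big") % (65536 - 1024),
        client_cookie=os.urandom(CLIENT_COOKIE_LEN),
    )


def parse_edns_options(opt_rdata):
    """Parse OPT RR RDATA (a sequence of code/length/data options) into a dict."""
    options = {}
    offset = 0
    while offset + 4 <= len(opt_rdata):
        code, length = struct.unpack("!HH", opt_rdata[offset:offset + 4])
        offset += 4
        if offset + length > len(opt_rdata):
            raise ValueError("truncated EDNS option")
        options[code] = opt_rdata[offset:offset + length]
        offset += length
    if offset != len(opt_rdata):
        raise ValueError("trailing bytes in OPT RDATA")
    return options


def build_cookie_option(client_cookie, server_cookie=b""):
    """Encode a COOKIE option as it appears inside OPT RDATA."""
    data = client_cookie + server_cookie
    return struct.pack("!HH", EDNS_OPTION_COOKIE, len(data)) + data


def response_matches(pending, msg_id, dst_port, opt_rdata, require_cookie=True):
    """Return (accepted, reason) for a response arriving at the resolver.

    With require_cookie=False only the ID and port are checked, i.e. the
    pre-cookie situation; with require_cookie=True the echoed client cookie
    must also match the one the resolver generated.
    """
    if msg_id != pending.msg_id:
        return False, "message ID mismatch"
    if dst_port != pending.src_port:
        return False, "destination port mismatch"
    cookie = parse_edns_options(opt_rdata).get(EDNS_OPTION_COOKIE)
    if cookie is None:
        if require_cookie:
            return False, "COOKIE option missing"
        return True, "accepted (ID and port only)"
    server_len = len(cookie) - CLIENT_COOKIE_LEN
    if not SERVER_COOKIE_MIN <= server_len <= SERVER_COOKIE_MAX:
        return False, "malformed COOKIE option"
    if cookie[:CLIENT_COOKIE_LEN] != pending.client_cookie:
        return False, "client cookie mismatch"
    return True, "accepted (ID, port and cookie)"


if __name__ == "__main__":
    pending = new_pending_query()
    # Genuine reply: the server echoes our client cookie and adds its own.
    genuine = build_cookie_option(pending.client_cookie, os.urandom(8))
    print(response_matches(pending, pending.msg_id, pending.src_port, genuine))
    # Forgery that guessed ID and port correctly but carries no cookie.
    print(response_matches(pending, pending.msg_id, pending.src_port, b""))
    print(response_matches(pending, pending.msg_id, pending.src_port, b"",
                           require_cookie=False))
```

The last two calls show the point Mukund makes: without the cookie requirement a forgery that guesses ID and port is accepted, whereas with it the same packet is dropped, and a forger would also need the 64-bit client cookie that only travelled between the resolver and the real authoritative server.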

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop