On 26 Jul 2018, at 10:25, Ondřej Surý wrote:
If the ZONEMD record is signed, the only person who can mount a
collision attack is the zone owner themselves. If the ZONEMD record
is unsigned, an attacker can just remove it.
I believe, that’s not true. The ZONEMD can stay intact while the
attacker would modify the unsigned parts of the zone to create a same
checksum, but different contents? He might be targeting just this
particular zone and it’s delegation, so everything else is
throw-away junk that can be modified.
What is the attack you are envisioning?
You didn't answer the last question. It sounds like you want it as a
signature over the entire zone. If so, then I fully agree that using
hash algorithms that have known collision attacks is a very bad idea.
But I also think that using ZONEMD as a strong signature is a bad idea:
that's what signing algorithms are for.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
