> On 9 Nov 2021, at 05:09, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>> On 8 Nov 2021, at 12:55 pm, A. Schulze <s...@andreasschulze.de> wrote:
>>
>> sorry for maybe asking an already answered question,
>> but why is NSEC3 considered to have no benefit at all?
>
> My take is that NSEC3 provides little benefit beyond the initial
> (0th) iteration.
>
>> I'm still on "NSEC allow zone-walks while NSEC3 don't"
>> At least not without additional effort.
>
> But, of course that initial iteration provides only limited protection
> against zone walking, it deters *casual* attacks, by those who are not
> sufficiently motivated to expend CPU on dictionary attacks (that would
> likely recover a decent fraction of the names for most zones).
>
> There are a few possible paths forward:
>
> * Accept that sufficiently determined adversaries will mount a dictionary
> attack, but there won't be many of them. Make do with NSEC3 and zero
> iterations.
>
> * Accept that your zone data is not secret, publish vanilla NSEC records
> and let the zone walkers go at it. For some TLDs, spin up a public
> AXFR service, or make zone data available via HTTPS, call it "Open Data".
>
> * Use NSEC in combination with online signing (with ECDSA P256(13)), using
> minimal covering NSEC RRS. These *actually* preclude offline dictionary
> attacks at the cost of online signing of negative answers. If not leaking
> zone data is important enough, this is the actually secure way to get there.
Even there you leave yourself and your clients open to random subdomain
reflection attacks. DNSSEC synthesis is your friend.
> NSEC3 is neither fish nor fowl. Regardless of any practically realistic
> iteration count, it is still vulnerable to dictionary attacks. Its main
> tangible benefit (at some non-trivial security cost) is opt-out, which is
> increasingly a bad idea for most zones.
>
> Thus we find .COM and others using "NSEC3 1 1 0 -" (just opt-out). But
> most zones, if they use NSEC3 at all, should have "NSEC3 1 0 0 -", or
> just NSEC, possibly with minimal covering replies via online signing.
>
> --
> Viktor.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
