On Sat, 2 Mar 2024, Peter Thomassen wrote:
On 2/29/24 18:06, Paul Wouters wrote:
(If no action is taken, malicious activity might follow now that it is
described, but I have not heard of a historical case of it.)
This attack was more or less described five years ago:
https://essay.utwente.nl/78777/
They didn't get to the same amplification levels, but if attackers had been
interested, they could have picked it up as a tool to improve. Scripts to
run were attached to the paper.
My take is that with the current mitigations (tolerate a very small but
nonzero number of keytag collisions), it's unlikely that this will be
exploited in any significant way, as the attacker's gain is very limited.
I think we're in violent agreement here. The current mitigations are
adequate, and nobody has offered a reason to believe that if we made
things tighter, e.g., no keytag collisions at all, it would make much
practical difference.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop