On 25. 02. 26 21:55, Philip Homburg wrote:
I think a DNS group should not be specifying limits for crypto
algorithms. If you can find a suitable reference to another document,
that could be referenced.
In other words, leave this to crypto experts :-)
This seems a DoS waiting to happen. As far as I know, 65537 is the highest
commonly used public exponent. It is good to ask crypto experts, but I think
we should warn implementors that this is an issue.
My point is - implementers should use a proven crypto library which
takes care of this. Rolling custom crypto is disaster waiting to happen,
not just DoS.
This specific attack vector is known (in DNSSEC context) for more than
decade, see https://www.imperialviolet.org/2012/03/17/rsados.html
That suggests implementations actually do use sane crypto libraries
otherwise it would be in the wild for a long time. I remember checking
OpenSSL myself in that regard, last time around the KeyTrap fiasco. My
conclusion was the crypto folks took care of this and we can (continue
to) do nothing in BIND.
I can't see a reason to fret out now and start 'standardizing' something
which was already taken care of by other groups.
In other words, I object to having _normative_ language in DNS-related
document about how _crypto_ should be implemented.
Having said that, I do not object to mentioning it along the lines of
'perhaps check your crypto library enforces sane parameters'.
--
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
