[144982] in cryptography@c2.net mail archive
Re: Possibly questionable security decisions in DNS root management
daemon@ATHENA.MIT.EDU (David Wagner)
Thu Oct 22 16:38:25 2009
From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@metzdowd.com
Date: Thu, 22 Oct 2009 12:14:17 -0700 (PDT)
Cc: fweimer@bfk.de

Florian Weimer wrote:
> And you better randomize some bits covered by RRSIGs on DS RRsets.
> Directly signing data supplied by non-trusted source is quite risky.
> (It turns out that the current signing schemes have not been designed
> for this type of application, but the general crypto community is very
> slow at realizing this discrepancy.)

Could you elaborate? I'm not sure what you're referring to or why it
would be quite risky to sign unrandomized messages. Modern, well-designed
signature schemes are designed to resist chosen-message attack. They do
not require the user of the signature scheme to randomize the messages
to be signed. I'm not sure what discrepancy you're referring to.

Back to DNSSEC: The original criticism was that "DNSSEC has covert
channels". So what? If you're connected to the Internet, covert
channels are a fact of life, DNSSEC or no. The added risk due to any
covert channels that DNSSEC may enable is somewhere between negligible
and none, as far as I can tell. So I don't understand that criticism.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com