To: Klaus Malorny <Klaus.Malorny@knipp.de>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, ietf-provreg@cafax.se
From: Edward Lewis <Ed.Lewis@neustar.biz>
Date: Tue, 25 Oct 2005 12:05:45 -0700
In-Reply-To: <435E8129.5060603@knipp.de>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] secdns draft
At 21:02 +0200 10/25/05, Klaus Malorny wrote:
>Thanks for the clarification. I thought the most simple solution to revoke a
>key is to remove it from the zone, as it would break the chain of trust also.
>But I have to admit that I am not yet fully aware of the effects of the various
>caching mechanisms on the time a resolver can falsely assume the correctness
>of a revoked key. I have to check that.

One issue I omitted is that there is also the possibility of an illicit replay attack. Besides caches, if the attacker copies the DS set before the key compromise is known, the attacker can poison caches with the set as long as the signature is valid. So even pulling the (DS record of the) key from the parent zone isn't sufficient for revocation.

Short of having an explicit revocation list in DNS (never happen), we have this problem.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-571-434-5468
NeuStar

True story: Only a routing "expert" would fly London->Minneapolis->Dallas->Minneapolis to get home from a conference. (Cities changed to protect his identity.)
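An added illustration (not part of the thread) of the window Ed describes: a validating resolver caches an authenticated DS RRset for at most the smaller of its TTL and the remaining RRSIG validity (RFC 4035, section 5.3.3), so a copy of the signed set captured before the DS is withdrawn can still be accepted right up to the signature's expiration. The `SignedDS` type, the key tag and all timestamps are constructed for this example.

```python
"""Model of how long a withdrawn DS may still be trusted by resolvers."""
from dataclasses import dataclass
from typing import Optional

DAY = 86400  # seconds


@dataclass(frozen=True)
class SignedDS:
    """A child's DS RRset at the parent plus its RRSIG timing (epoch seconds).
    Constructed for the example; not a real record."""
    key_tag: int
    ttl: int
    inception: int
    expiration: int


def accepted_until(ds: SignedDS, fetched_at: int) -> Optional[int]:
    """Moment at which a validator that obtained this copy at `fetched_at`
    stops serving it from cache, or None if the RRSIG was not valid then.
    Cached TTL is clamped to the remaining signature validity (RFC 4035 5.3.3)."""
    if not (ds.inception <= fetched_at < ds.expiration):
        return None
    return fetched_at + min(ds.ttl, ds.expiration - fetched_at)


def trusted_until(ds: SignedDS, removed_at: int) -> int:
    """Last moment some resolver may still trust the key after the parent has
    withdrawn the DS at `removed_at` (assumed to precede signature expiry).

    Two paths are considered: a copy fetched legitimately just before the
    withdrawal, and a copy captured earlier and replayed to a resolver just
    before the signature expires.  The replay path is why withdrawing the DS
    alone does not revoke the key; only a shorter validity period narrows it."""
    paths = [accepted_until(ds, removed_at - 1),
             accepted_until(ds, ds.expiration - 1)]
    return max(t for t in paths if t is not None)


if __name__ == "__main__":
    ds = SignedDS(key_tag=12345, ttl=DAY, inception=0, expiration=30 * DAY)
    removed = 3 * DAY  # parent pulls the DS on day 3
    print("legit cache copies expire by day", accepted_until(ds, removed - 1) // DAY)
    print("replayed copies trusted until day", trusted_until(ds, removed) // DAY)
```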