Re: How are people implementing hold-down in RFC 5011?
Matthijs Mekking <mmekking <at> dyn.com>
2014-10-13 08:59:54 GMT
On 09-10-14 18:46, Michael StJohns wrote:
> At 07:57 PM 10/7/2014, Paul Hoffman wrote:
>> Thanks for the clarifications. I still have a bunch of questions, and
>> I really do wonder if implementers agree with your interpretations.
I have implemented this (http://nlnetlabs.nl/projects/autotrust/) and I
agree with Michael's interpretations (even if it was after an hour
asking questions at some past IETF).
I am trying to clarify below, although most stuff seems already
>> On Oct 7, 2014, at 1:03 PM, Michael StJohns <mstjohns <at> comcast.net> wrote:
>> > At 01:13 PM 10/7/2014, Paul Hoffman wrote:
>> >> Greetings. In reading RFC 5011 more carefully, I am finding that
>> some of the wording is confusing (possibly just to me). I have a few
>> questions for people who have implemented it in systems, but also want
>> to hear from the greater DNS community.
>> >> Section 2.2 says:
>> >> Assume two trust point keys A and B. Assume that B has been
>> >> compromised. An attacker could generate and add a new trust anchor
>> >> key C (by adding C to the DNSKEY RRSet and signing it with B), and
>> >> then invalidate the compromised key. This would result in both the
>> >> attacker and owner being able to sign data in the zone and have it
>> >> accepted as valid by resolvers.
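The Section 2.2 scenario quoted above is exactly what the add hold-down exists to defeat: a key introduced under a compromised key must stay continuously present, signed by a still-trusted key, for the whole hold-down before a resolver will trust it. As an added example that is not part of this thread and not taken from autotrust or any other implementation, here is a small Python model of the RFC 5011 trust-anchor state machine (Start, AddPend, Valid, Missing, Revoked, Removed) with 30-day add and remove hold-downs, run through a legitimate rollover, a revocation, and the compromised-key scenario. The key tags A, B and C, the query timings, and the simplification that only keys in Valid count as trusted signers are assumptions of the example, not the RFC's text.

```python
# Added example: a minimal RFC 5011 trust-anchor state machine with the
# Section 2.2 scenario (compromised key B used to introduce key C) run through
# it. Illustrative code written for this thread, not autotrust or any other
# implementation; key tags, timings and the sample RRsets are constructed.
from dataclasses import dataclass

DAY = 86400
ADD_HOLD_DOWN = 30 * DAY      # RFC 5011 2.2 (the "or original TTL" clause is omitted)
REMOVE_HOLD_DOWN = 30 * DAY   # RFC 5011 2.2

START, ADDPEND, VALID, MISSING, REVOKED, REMOVED = (
    "Start", "AddPend", "Valid", "Missing", "Revoked", "Removed")


@dataclass(frozen=True)
class Observation:
    """One DNSKEY RRset query result (constructed inline, not fetched from DNS)."""
    time: int            # query time, seconds
    keys: frozenset      # key tags present in the RRset
    revoked: frozenset   # subset of keys carrying the REVOKE bit
    signers: frozenset   # key tags whose RRSIG over the RRset verified


class TrustPoint:
    def __init__(self, initial_keys):
        self.state = {k: VALID for k in initial_keys}   # configured anchors start Valid
        self.deadline = {}   # key tag -> time at which its pending hold-down expires

    def trusted_signers(self):
        # Simplification: only Valid keys are accepted as signers of the RRset.
        return {k for k, s in self.state.items() if s == VALID}

    def observe(self, obs):
        """Apply the RFC 5011 section 4 transitions for one query; False if ignored."""
        if not (obs.signers & self.trusted_signers()):
            return False   # not signed by a trusted key: the RRset is ignored entirely
        for k in list(self.state):
            st = self.state[k]
            present = k in obs.keys
            # A revocation only counts if the revoked key itself signed the RRset.
            revoked = k in obs.revoked and k in obs.signers
            if st == ADDPEND:
                if not present or k in obs.revoked:
                    self.state[k] = START        # hold-down is abandoned and restarts later
                    del self.deadline[k]
                elif obs.time >= self.deadline[k]:
                    self.state[k] = VALID        # seen continuously for the whole hold-down
                    del self.deadline[k]
            elif st in (VALID, MISSING):
                if revoked:
                    self.state[k] = REVOKED
                    self.deadline[k] = obs.time + REMOVE_HOLD_DOWN
                else:
                    self.state[k] = VALID if present else MISSING
            elif st == REVOKED and obs.time >= self.deadline[k]:
                self.state[k] = REMOVED
                del self.deadline[k]
        # Keys not yet tracked (or back in Start) begin the add hold-down.
        for k in obs.keys - obs.revoked:
            if self.state.get(k, START) == START:
                self.state[k] = ADDPEND
                self.deadline[k] = obs.time + ADD_HOLD_DOWN
        return True


def legitimate_rollover():
    """Owner adds C signed by A; C is seen on every daily query for 31 days."""
    tp = TrustPoint({"A"})
    keys = frozenset({"A", "C"})
    for day in range(32):
        tp.observe(Observation(day * DAY, keys, frozenset(), frozenset({"A"})))
    return tp.state["C"]


def revoked_key_removal():
    """B is published with the REVOKE bit, self-signed, then dropped after 30 days."""
    tp = TrustPoint({"A", "B"})
    tp.observe(Observation(0, frozenset({"A", "B"}), frozenset({"B"}), frozenset({"A", "B"})))
    before = tp.state["B"]
    tp.observe(Observation(30 * DAY, frozenset({"A"}), frozenset(), frozenset({"A"})))
    return before, tp.state["B"]


def compromised_key_attack():
    """Section 2.2: attacker holding B serves an RRset adding C signed only with B;
    the owner revokes B on day 5, well inside C's add hold-down."""
    tp = TrustPoint({"A", "B"})
    none = frozenset()
    tp.observe(Observation(1 * DAY, frozenset({"A", "B", "C"}), none, frozenset({"B"})))
    pending = tp.state["C"]   # C is only pending, not usable for validation
    # Owner's RRset: B carries REVOKE, signed by A and by B itself; no C.
    tp.observe(Observation(5 * DAY, frozenset({"A", "B"}), frozenset({"B"}), frozenset({"A", "B"})))
    # Attacker can still only sign with B, which is now Revoked: ignored.
    accepted = tp.observe(Observation(6 * DAY, frozenset({"A", "B", "C"}), none, frozenset({"B"})))
    return pending, tp.state["B"], tp.state["C"], accepted


if __name__ == "__main__":
    print("rollover:", legitimate_rollover())
    print("revocation:", revoked_key_removal())
    print("attack:", compromised_key_attack())
```

The model leaves out active refresh (how often to query), the rule that the add hold-down is the greater of 30 days and the original TTL, and persistence of the state across restarts, which is where most of the implementation questions in this thread actually arise; the point it shows is only that a key seen under a compromised signer never reaches Valid as long as the owner revokes that signer, or the key disappears, before the hold-down expires.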