Possibly questionable security decisions in DNS root management

Perry E. Metzger perry at piermont.com
Wed Oct 14 19:22:27 EDT 2009


bmanning at vacation.karoshi.com writes:
> On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
>> Ekr has a very good blog posting on what seems like a bad security
>> decision being made by Verisign on management of the DNS root key.
>>
>> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
>>
>> In summary, a decision is being made to use a "short lived" 1024 bit key
>> for the signature because longer keys would result in excessively large
>> DNS packets. However, such short keys are very likely crackable in short
>> periods of time if the stakes are high enough -- and few keys in
>> existence are this valuable.
>
> 	however - the VSGN proposal meets current NIST guidelines.

That doesn't say anything about how good an idea it is, any more than an
architect can make a building remain standing in an earthquake by
invoking the construction code.

We are the sort of people who write these sorts of guidelines, and if
they're flawed, we can't use them as a justification for designs.

(Well, a bureaucrat certainly can use such documents as a form of CYA,
but we're discussing technology here, not means of evading blame.)

The fact is, the DNS root key is one of the few instances where it is
actually worth someone's time to crack a key because it provides
enormous opportunities for mischief, especially if people start trusting
it more because it is authenticated. Unlike your https session to view
your calendar or the password for your home router, the secrets involved
here are worth an insane amount of money.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


