[Cryptography] Certificates and PKI

Viktor Dukhovni cryptography at dukhovni.org
Mon Dec 29 09:51:49 EST 2014

On Mon, Dec 29, 2014 at 01:06:53PM +0000, Ben Laurie wrote:

> >     * This still might not address denial of existence "spam".
> Not entirely sure what the issue is here? DNSSEC already has denial of
> existence using no more records than already exist in the zone. Not
> clear why CT has a problem here?

PowerDNS is often used in "narrow mode", where denial of existence
proofs are generated and signed on the fly, with non-existent
nodes evidenced not with NSEC3 RRs of actual nodes, but rather with
synthetic hashes that are the hash of the would-be node +/- 1.
And the closest encloser node's right neighbour is again a "+1".

Here's a live example with the actual domain replaced by "example.":

    example.               SOA     ns1.example. email.example. 2014120803 10800 3600 604800 3600
    394ukt9jn8uge3d86433hgogtm429bqc.example. NSEC3 1 0 1 BEEF 394UKT9JN8UGE3D86433HGOGTM429BQD A AAAA RRSIG
    3te5k6ninjarg2rhegq886jo6kqlaurd.example. NSEC3 1 0 1 BEEF 3TE5K6NINJARG2RHEGQ886JO6KQLAURF
    m9ktr713mv89v98bat896geo4it3stbd.example. NSEC3 1 0 1 BEEF M9KTR713MV89V98BAT896GEO4IT3STBF

From such a domain served by a DNSSEC hosting provider with many
client zones one can elicit an essentially unlimited number of
signed responses.
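An added worked example (editor's code, not part of the original message and not PowerDNS code) of the narrow-mode construction described above. It computes the RFC 5155 NSEC3 hash (algorithm 1 = SHA-1, salt BEEF, 1 iteration, matching the parameters in the records quoted above), then synthesises the three NSEC3 RRs of an NXDOMAIN proof the way the quoted records suggest a narrow-mode signer does: the closest encloser, which really exists, gets its own hash as owner name and hash+1 as "next"; the next closer name and the wildcard at the encloser, which do not exist, get hash-1 as owner and hash+1 as "next". The zone name, the query names and the function names are assumptions for illustration; the record layout is the standard NSEC3 presentation format. Signing is omitted, since the point is that every distinct query name yields a distinct record to sign.

```python
import hashlib

# RFC 4648 "extended hex" alphabet: its ASCII order matches the binary
# order of the hashes, which is what NSEC3 chain ordering relies on.
B32HEX = "0123456789abcdefghijklmnopqrstuv"

# Parameters taken from the NSEC3 RRs quoted in the mail (alg 1, flags 0,
# 1 iteration, salt BEEF). The zone name is an assumption.
ZONE = "example."
SALT = bytes.fromhex("BEEF")
ITERATIONS = 1


def to_wire(name):
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt, iterations):
    """RFC 5155 s.5: IH(salt,x,0)=H(x||salt); IH(salt,x,k)=H(IH(salt,x,k-1)||salt)."""
    digest = hashlib.sha1(to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def b32hex(data):
    """Base32hex without padding; a 20-byte SHA-1 digest is exactly 32 characters."""
    n = int.from_bytes(data, "big")
    nbits = 8 * len(data)
    return "".join(B32HEX[(n >> (nbits - 5 * i)) & 31] for i in range(1, nbits // 5 + 1))


def shifted(digest, delta):
    """The synthetic neighbour hash: digest +/- delta, wrapping in the 160-bit space."""
    n = (int.from_bytes(digest, "big") + delta) % (1 << (8 * len(digest)))
    return n.to_bytes(len(digest), "big")


def narrow_nsec3(qname, exists, types=()):
    """(owner, rdata) of the NSEC3 RR a narrow-mode signer synthesises for qname.

    An existing node is its own owner; a non-existent one is bracketed by
    hash-1 / hash+1, so the record covers exactly that one name."""
    h = nsec3_hash(qname, SALT, ITERATIONS)
    owner_hash = h if exists else shifted(h, -1)
    next_hash = shifted(h, +1)
    owner = f"{b32hex(owner_hash)}.{ZONE}"
    rdata = f"NSEC3 1 0 {ITERATIONS} {SALT.hex().upper()} {b32hex(next_hash).upper()}"
    if types:
        rdata += " " + " ".join(types)
    return owner, rdata


def covers(owner_hash, next_hash, target):
    """True if target lies strictly between owner and next in hash order
    (the last record of a chain wraps around to the first)."""
    if owner_hash < next_hash:
        return owner_hash < target < next_hash
    return target > owner_hash or target < next_hash


def nxdomain_proof(qname, closest_encloser, encloser_types=("A", "AAAA", "RRSIG")):
    """The three NSEC3 RRs of an RFC 5155 NXDOMAIN proof, narrow-mode style:
    closest encloser (exists), next closer name and wildcard (both do not)."""
    q_labels = qname.rstrip(".").split(".")
    ce_labels = closest_encloser.rstrip(".").split(".")
    next_closer = ".".join(q_labels[len(q_labels) - len(ce_labels) - 1:]) + "."
    wildcard = "*." + closest_encloser
    return [
        narrow_nsec3(closest_encloser, True, encloser_types),
        narrow_nsec3(next_closer, False),
        narrow_nsec3(wildcard, False),
    ]


if __name__ == "__main__":
    # Constructed query: a non-existent name two labels below an existing node.
    for owner, rdata in nxdomain_proof("a.b.www.example.", "www.example."):
        print(f"{owner:<42} {rdata}")
```

Each call to narrow_nsec3 with a new non-existent name produces a record with a never-before-seen owner name and "next" hash, which is the mechanism behind the observation that such a server can be made to emit an unbounded number of distinct signed responses.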


