[Cryptography] Certificates and PKI

Ben Laurie ben at links.org
Mon Dec 29 10:40:00 EST 2014

On 29 December 2014 at 14:51, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> On Mon, Dec 29, 2014 at 01:06:53PM +0000, Ben Laurie wrote:
>> >     * This still might not address denial of existence "spam".
>> Not entirely sure what the issue is here? DNSSEC already has denial of
>> existence using no more records than already exist in the zone. Not
>> clear why CT has a problem here?
> PowerDNS is often used in "narrow mode", where denial of existence
> proofs are generated and signed on the fly, with non-existent
> nodes evidenced not with NSEC3 RRs of actual nodes, but rather with
> synthetic hashes that are the hash of the would-be node +/- 1.

<pedantic>Actually, the most efficient way is a node whose owner is
the hash of the would-be node, next is hash + 1 and no RRtypes set in
the type map.</pedantic>

> And the closest encloser node's right neighbour is again a "+1"
> hash.
> Here's a live example with the actual domain replaced by "example.":
>     example.               SOA     ns1.example. email.example. 2014120803 10800 3600 604800 3600
>     394ukt9jn8uge3d86433hgogtm429bqc.example. NSEC3 1 0 1 BEEF 394UKT9JN8UGE3D86433HGOGTM429BQD A AAAA RRSIG
>     3te5k6ninjarg2rhegq886jo6kqlaurd.example. NSEC3 1 0 1 BEEF 3TE5K6NINJARG2RHEGQ886JO6KQLAURF
>     m9ktr713mv89v98bat896geo4it3stbd.example. NSEC3 1 0 1 BEEF M9KTR713MV89V98BAT896GEO4IT3STBF
> From such a domain served by a DNSSEC hosting provider with many
> client zones one can elicit an essentially unlimited number of
> signed responses.

OK. But why would we care for DT (i.e. DNSSEC transparency) - all we
care about, surely, is records that can influence the beholder's view
of the domain key(s)?
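Added illustration, not code from this thread or from PowerDNS: the script below computes NSEC3 hashes per RFC 5155 and builds both synthetic denial records discussed above (the "hash +/- 1" white lie and the "owner = hash, next = hash + 1, empty type map" variant), together with the single-record check a validator performs to decide whether such a record denies a name or a type. The salt BEEF and one iteration are taken from the NSEC3 parameters in the listing; the query name "nonexistent.example." is a constructed sample. The full closest-encloser logic of an NXDOMAIN proof is out of scope here; only the covering test for one record is shown.

```python
import hashlib

# Base32hex alphabet used by NSEC3 owner names (RFC 4648 "Extended Hex").
B32HEX = "0123456789abcdefghijklmnopqrstuv"
HASH_BITS = 160  # SHA-1 is the only NSEC3 hash algorithm defined (RFC 5155)


def wire_name(name: str) -> bytes:
    """Canonical wire form of a name: lowercase, length-prefixed labels, root byte."""
    name = name.rstrip(".").lower()
    labels = name.split(".") if name else []
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def to_b32hex(n: int) -> str:
    """Encode a 160-bit integer as the 32-character base32hex string NSEC3 uses."""
    return "".join(B32HEX[(n >> (5 * i)) & 31] for i in reversed(range(HASH_BITS // 5)))


def from_b32hex(s: str) -> int:
    # Python's base-32 digit set (0-9, a-v, case-insensitive) is exactly base32hex.
    return int(s.lower(), 32)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 section 5: IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(k-1) || salt)."""
    h = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        h = hashlib.sha1(h + salt).digest()
    return to_b32hex(int.from_bytes(h, "big"))
    # Reference point from RFC 5155 Appendix A: with salt aabbccdd and 12
    # iterations, H("example.") is listed as 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.


def shifted(hash_str: str, delta: int) -> str:
    """hash +/- delta, reduced mod 2^160 so the end of the hash space wraps to the start."""
    return to_b32hex((from_b32hex(hash_str) + delta) % (1 << HASH_BITS))


def white_lie(qname: str, salt: bytes, iterations: int):
    """Narrow-mode denial as described in the thread: owner = H(qname)-1, next = H(qname)+1."""
    h = nsec3_hash(qname, salt, iterations)
    return shifted(h, -1), shifted(h, 1)


def minimal_denial(qname: str, salt: bytes, iterations: int):
    """The tighter variant: owner = H(qname) with an empty type map, next = H(qname)+1."""
    h = nsec3_hash(qname, salt, iterations)
    return h, shifted(h, 1), ()  # empty type bitmap: the name "exists" but has no RRtypes


def denial_kind(owner: str, next_: str, types, target_hash: str, qtype: str = "A"):
    """Validator-side check for one NSEC3 record.

    Returns "nodata" if the record's owner equals the target hash and the queried
    type is absent from its type map, "nxdomain" if the target hash falls strictly
    between owner and next (honouring the wrap-around of the last record in the
    chain), and None if the record proves nothing about the target.
    """
    o, n, t = (from_b32hex(x) for x in (owner, next_, target_hash))
    if t == o:
        return "nodata" if qtype not in types else None
    in_range = (o < t < n) if o < n else (t > o or t < n)
    return "nxdomain" if in_range else None


if __name__ == "__main__":
    salt, iters = bytes.fromhex("BEEF"), 1          # parameters from the listing above
    q = "nonexistent.example."                        # constructed sample name
    h = nsec3_hash(q, salt, iters)
    lo, hi = white_lie(q, salt, iters)
    print(f"H({q}) = {h}")
    print(f"white lie : {lo} -> {hi} : {denial_kind(lo, hi, (), h)}")
    own, nxt, types = minimal_denial(q, salt, iters)
    print(f"minimal   : {own} -> {nxt} : {denial_kind(own, nxt, types, h)}")
```

Against the records quoted above, the first NSEC3 (the closest encloser, with A AAAA RRSIG in its type map) has next = owner + 1, while the other two span owner + 2, which is exactly what a "hash - 1 / hash + 1" white lie around a single non-existent name looks like.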
