## page was renamed from ToshinoriMaeno/memo/2011-07-03
2010年3月には公開されていたようですが、議論されていた様子がない。どうして? どれも当然の指摘だと思うが。
{{{
A Security Evaluation of DNSSEC with NSEC3
Jason Bau, John Mitchell, Stanford University
}}}
http://www.isoc.org/isoc/conferences/ndss/10/pdf/17.pdf
Table 1. Summary of Contributions
Vulnerability Found; Prevention Advice
== 4.5.1 Temporal Inconsistency Discovered ==
{{{
Resource Record remains valid in local resolver cache
after expiration of signatures or key rollover (revocation) higher in attestation chain
}}}
Resolver Software:
Resolver software sets RR TTL to depend on all signatures in attestation chain to trust anchor;<
>
Resolver software periodically re-acquires zone keys to re-validate cached attestation chains<
>
RFC: Propagate changes to RFC
== 5.1.1 Glue Record Redirection Violation ==
{{{
Glue records may be forged to direct next recursive query to attack DNS server
}}}
Domain Operator:
Use all secure delegations<
>
Resolver Software:
If forgery is suspected, query supposed authoritative zone to obtain signed version of glue records.
(Even if no action is taken, this vulnerability cannot result in acceptance of forged RR as final query answer)
== 5.1.3 NSEC3 Opt-out Violation ==
{{{
NSEC3 opt-out may be used to prepend falsified owner name in domain,
resulting in vulnerability to cookie-theft and pharming
}}}
Domain Operator:
Do not set NSEC3 opt-out flag<
>
Website Designer:
Do not use overly coarse cookie “domain” setting
== 5.1.4 Mismanaged Signature Expiration ==
{{{
Replay of still valid A+RRSIG after IP-address move (Bernstein [11])
}}}
Domain Operator:
Do not relinquish IP-address until all A+RRSIGs have expired
== 5.4 NSEC3 Salt Post-Computation ==
{{{
NSEC3 salt is ineffectual
}}}
Domain Operator:
Do not use salt. Increase number of hash iterations.
== 5.1.2 Inter-operation with DNS ==
{{{
Inter-operation with standard-DNS child zones means insecure answer returned by DNSSEC resolver
}}}
Domain Operator:
Adoption of DNSSEC; Do not interoperate DNSSEC with DNS
== 3.1.2 Interoperability with DNS Limitations ==
{{{
Lack of user-interface indicator of secure vs. insecure DNSSEC query result exposes end-user to exploitable insecure DNSSEC query result
}}}
User Software:
Provide DNS security indicators<
>
RFC:
Disallow insecure answers from DNSSEC resolvers once DNSSEC adoption ramps up
== 5.3.1 Eliminating Vulnerabilities By Attested Cache Resolver Design ==
{{{
Network attacker can arbitrarily manipulate DNSSEC reply header and status bits
}}}
Resolver Software:
Do not trust header bits. Resolver validates reply only using internal state and signed RRs.<
>
ISP:
Cannot trust remote server’s DNSSEC validation. Must request all DNSSEC RRs to validate at local resolver.
== 5.3.1 Eliminating Vulnerabilities By Attested Cache Resolver Design ==
{{{
Network attacker can arbitrarily add / subtract / mangle RRs in DNSSEC reply
}}}
Resolver Software:
Build attested cache for answering user queries using only authoritative signed RRs contained in DNSSEC replies
-----
-- ToshinoriMaeno <>