This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit

On Sep 2, 2008, at 11:42 AM, bert hubert wrote:

> On Tue, Sep 02, 2008 at 09:50:15AM +0100, Roy Arends wrote:
>> I'd like to have more information how the "NSEC3" variant of DNSSEC
>> is
>> almost always breakable? I'd like to know how to interpret "almost
>> always
>> breakable".

> I think it has been established that NSEC(3) allows the creation of
> non-existent names within secured zones, if I followed things
> directly.
> So even if is signed, I can try to spoof in
> NS records for, using a purloined NSEC(3)
> record that
> covers The zone
> is then
> unsigned, and contains the data of my choice.
> As long as does not exist already of course.
> As a precautionary measure, might want to have dummy
> records for everything that 'looks' official.

How would that work provided that:

- .com deploys NSEC3 with opt-out
- There is a secure delegation from .com to
- And does not deploy OPT-OUT but contains a full
NSEC3 chain?

On the latter assumption please note that the OPT-OUT bit is only
supposed to be set over name-spans that only contain delegations and
has been designed specifically 'delegation-centric' zones such as
TLDs. If would be using opt-out they could be
subject to the attack you describe but they would be shooting
themselves in the feet.

I would think that the warnings in 5011 are big enough: opt-out is
under adult supervision only (TLDs are often parents... pun intended)


content-type: application/pgp-signature; x-mac-type=70674453;
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

Version: GnuPG v1.4.9 (Darwin)
Comment: This message is locally signed.



to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.