[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Q2: crypto algorithm requirements for DNSSEC
> Mark.Andrews@isc.org writes:
>
> > > signing and verifying => making deployment more straightforward. And
> > > ISTR from cryptography 101 class that it's usually not a good idea to
> > > encrypt or sign the same stuff with different keys or algorithms.
> >
> > Encrypting things multiple times is a problem.
> > Signing the same known plain text isn't.
>
> Sure it is -- how do yo know what to do if:
>
> 1) you only have something signed using one algorithm
> 2) data is signed with multiple algorithms but one sig fails
> 3) data is signed with multiple algorithms but only one sig succeeds
>
> There is a LOT of extra policy decision that needs to happen if you go
> down this road. A lot of extra implementation, too!
You are missing the whole point.
Encrypting the same plain text with multiple algorithms can
result in one algorithm canceling out the other algorithm
and allowing some/all of the original plain text to be
revealed.
This is not a issue when signing known plain text.
From a cryptographic standpoint there is nothing wrong with
signing the same thing with multiple algorithms. You do need
a policy (which DNSSEC has) for dealing with the case where
not all signatures verify.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>