2010年3月には公開されていたようですが、議論されていた様子がない。どうして? どれも当然の指摘だと思うが。
A Security Evaluation of DNSSEC with NSEC3 Jason Bau, John Mitchell, Stanford University
http://www.isoc.org/isoc/conferences/ndss/10/pdf/17.pdf
Table 1. Summary of Contributions
Vulnerability Found; Prevention Advice
1. 4.5.1 Temporal Inconsistency Discovered
Resource Record remains valid in local resolver cache after expiration of signatures or key rollover (revocation) higher in attestation chain
Resolver Software: Resolver software sets RR TTL to depend on all signatures in attestation chain to trust anchor;
Resolver software periodically re-acquires zone keys to re-validate cached attestation chains
RFC: Propagate changes to RFC
2. 5.1.1 Glue Record Redirection Violation
Glue records may be forged to direct next recursive query to attack DNS server
Domain Operator: Use all secure delegations
Resolver Software: If forgery is suspected, query supposed authoritative zone to obtain signed version of glue records. (Even if no action is taken, this vulnerability cannot result in acceptance of forged RR as final query answer)
3. 5.1.3 NSEC3 Opt-out Violation
NSEC3 opt-out may be used to prepend falsified owner name in domain, resulting in vulnerability to cookie-theft and pharming
Domain Operator: Do not set NSEC3 opt-out flag
Website Designer: Do not use overly coarse cookie “domain” setting
4. 5.1.4 Mismanaged Signature Expiration
Replay of still valid A+RRSIG after IP-address move (Bernstein [11])
Domain Operator: Do not relinquish IP-address until all A+RRSIGs have expired
5. 5.4 NSEC3 Salt Post-Computation
NSEC3 salt is ineffectual
Domain Operator: Do not use salt. Increase number of hash iterations.
6. 5.1.2 Inter-operation with DNS
Inter-operation with standard-DNS child zones means insecure answer returned by DNSSEC resolver
Domain Operator: Adoption of DNSSEC; Do not interoperate DNSSEC with DNS
7. 3.1.2 Interoperability with DNS Limitations
Lack of user-interface indicator of secure vs. insecure DNSSEC query result exposes end-user to exploitable insecure DNSSEC query result
User Software: Provide DNS security indicators
RFC: Disallow insecure answers from DNSSEC resolvers once DNSSEC adoption ramps up
8. 5.3.1 Eliminating Vulnerabilities By Attested Cache Resolver Design
Network attacker can arbitrarily manipulate DNSSEC reply header and status bits
Resolver Software: Do not trust header bits. Resolver validates reply only using internal state and signed RRs.
ISP: Cannot trust remote server’s DNSSEC validation. Must request all DNSSEC RRs to validate at local resolver.
9. 5.3.1 Eliminating Vulnerabilities By Attested Cache Resolver Design
Network attacker can arbitrarily add / subtract / mangle RRs in DNSSEC reply
Resolver Software: Build attested cache for answering user queries using only authoritative signed RRs contained in DNSSEC replies
-- ToshinoriMaeno 2011-07-03 23:19:55