RFC Errata



RFC 4035, "Protocol Modifications for the DNS Security Extensions", March 2005

Note: This RFC has been updated by RFC 4470, RFC 6014, RFC 6840, RFC 8198, RFC 9077, RFC 9520

Source of RFC: dnsext (int)

Errata ID: 8037
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT

Reported By: Elias Heftrig
Date Reported: 2024-07-18
Held for Document Update by: Eric Vyncke
Date Held: 2024-08-07

Section 5.3.1. says:

   [...] the validator cannot predetermine which DNSKEY
   RR to use to authenticate the signature, and it MUST try each
   matching DNSKEY RR until either the signature is validated or the
   validator has run out of matching public keys to try.

It should say:

   [...] the validator cannot predetermine which DNSKEY
   RR to use to authenticate the signature, and it SHOULD try each
   matching DNSKEY RR until either the signature is validated or the
   validator has run out of matching public keys to try.

Notes:

The original text requires validators to invest an unreasonable amount of work to validate a given signature in case there are many such DNSKEY RRs. The issue was exploited in the construction of CPU resource exhaustion attacks (CVE-2023-50387). For more details see our publication with ACM CCS'24 on the KeyTrap denial of service vulnerabilities.

-- verifier note --
While the concern is valid, this erratum does not represent the DNSEXT WG consensus at the time of writing, i.e., it cannot be "verified"
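To make the difference between the original MUST and the proposed SHOULD concrete, the following added example (not part of the erratum or of any validator's code) models the RFC 4035 Section 5.3.1 candidate search: an RRSIG selects DNSKEY candidates by owner name, algorithm and key tag, and the validator tries them in turn. The key tag is the 16-bit checksum from RFC 4034 Appendix B, which is not a hash, so the example builds a constructed fixture of colliding keys by permuting 16-bit words of one public key. The DNSKEY/RRSIG classes, the HMAC stand-in for signature verification (real DNSSEC uses asymmetric algorithms), the `max_attempts` budget and all sample values are assumptions of the example, chosen so it runs offline with the standard library only.

```python
"""Bounded DNSKEY-candidate search for RRSIG validation (added example)."""
from dataclasses import dataclass
from itertools import permutations
import hashlib
import hmac


@dataclass(frozen=True)
class DNSKEY:
    owner: str
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes  # constructed stand-in, not real key material


@dataclass(frozen=True)
class RRSIG:
    signer: str
    algorithm: int
    key_tag: int
    signature: bytes


def key_tag(key: DNSKEY) -> int:
    """Key tag over the DNSKEY RDATA as specified in RFC 4034 Appendix B.
    It is a 16-bit ones-complement-style sum, not a hash, so distinct keys
    can legitimately share a tag."""
    rdata = (key.flags.to_bytes(2, "big")
             + bytes([key.protocol, key.algorithm])
             + key.public_key)
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def toy_sign(key: DNSKEY, rrset: bytes) -> bytes:
    """Stand-in for the algorithm-specific signature (assumption of this example):
    an HMAC keyed with the 'public key' so the code runs offline."""
    return hmac.new(key.public_key, rrset, hashlib.sha256).digest()


def toy_verify(key: DNSKEY, rrset: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(toy_sign(key, rrset), signature)


def matching_keys(keys, sig: RRSIG):
    """Candidate DNSKEYs per RFC 4035 5.3.1: owner name equals the RRSIG signer,
    same algorithm, same key tag."""
    return [k for k in keys
            if k.owner == sig.signer
            and k.algorithm == sig.algorithm
            and key_tag(k) == sig.key_tag]


def validate_rrsig(rrset: bytes, sig: RRSIG, keys, max_attempts=None):
    """Returns (status, attempts). max_attempts=None is the original MUST
    behaviour (try every candidate); a limit implements the SHOULD reading
    and stops with 'budget_exceeded' once the work bound is reached."""
    attempts = 0
    for key in matching_keys(keys, sig):
        if max_attempts is not None and attempts >= max_attempts:
            return "budget_exceeded", attempts
        attempts += 1
        if toy_verify(key, rrset, sig.signature):
            return "secure", attempts
    return "bogus", attempts


def colliding_keys(base: DNSKEY):
    """Constructed test fixture: the tag sums 16-bit words, so every
    permutation of the public-key words has the same tag. Returns all
    permutations with the real key last (worst case for a linear search)."""
    words = [base.public_key[i:i + 2] for i in range(0, len(base.public_key), 2)]
    perms = {b"".join(p) for p in permutations(words)}
    others = sorted(perms - {base.public_key})
    return ([DNSKEY(base.owner, base.flags, base.protocol, base.algorithm, pk)
             for pk in others] + [base])


def demo():
    rrset = b"example. 300 IN A 192.0.2.1"  # constructed stand-in for the canonical RRset
    good = DNSKEY("example.", 256, 3, 13, bytes.fromhex("0102030405060708"))
    keys = colliding_keys(good)            # 24 keys, all with the same key tag
    sig = RRSIG("example.", 13, key_tag(good), toy_sign(good, rrset))
    return {
        "candidates": len(matching_keys(keys, sig)),
        "unbounded": validate_rrsig(rrset, sig, keys),
        "bounded": validate_rrsig(rrset, sig, keys, max_attempts=4),
    }


if __name__ == "__main__":
    print(demo())
```

Under the original MUST wording the validator performs one expensive signature check per colliding candidate (24 here, unbounded in general); with a budget it performs at most `max_attempts` and reports that the bound was hit, which a resolver can then treat as a failure for that query rather than spending unbounded CPU. The budget value and the `budget_exceeded` outcome are design choices of this example, not text from the RFC.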
