Jan Schaumann on Nostr: You may have seen talk of the "#KeyTrap" #DNSSEC vulnerability in the last few days, ...
You may have seen talk of the "#KeyTrap" #DNSSEC vulnerability in the last few days, with patches pushed for e.g., bind, unbound, knot, etc. in a well coordinated effort across the #DNS community and industry.
In a nutshell: you could DoS a validating resolver by causing it to perform excessive expensive signature validations.
The research team has now published the technical paper:
https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
ISC has a good summary here:
https://www.isc.org/blogs/2024-bind-security-release/