nsec5-draft icon indicating copy to clipboard operation
nsec5-draft copied to clipboard
verified publisher icon fcelda

Hash collision with owner name

Open vttale opened this issue 8 years ago • 1 comments

We should explicitly state what happens in the event a hash matches an existing owner name.

vttale avatar Mar 07 '17 14:03 vttale

We kind of expect that this won't ever happen. NSEC3 suggest to change the salt that we don't have. If the collision happens in NSEC5, the VRF key has to be replaced and that's not easy because all authoritative servers have to follow.

Maybe it would work if the NSEC bitmaps were combined for colliding names. But it breaks some security properties as a result.

fcelda avatar Jun 17 '17 14:06 fcelda