In this talk, we show that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability. We demonstrate that adversaries, by manipulating the cryptographic material in signed DNS responses, can reduce the security level provided by DNSSEC, or, even worse, prevent resolvers from validating DNSSEC at all...
By: Elias Heftrig , Haya Shulman , Michael Waidner
Full Abstract & Presentation Materials: www.blackhat.com/us-22/briefings/schedule/#dnssec-…
Black Hat
コメント