> part text/plain 787 [email protected] > writes: > > > Internet-Draft draft-ietf-dnsop-must-not-sha1-10.txt is now available. It i > s a > > work item of the Domain Name System Operations (DNSOP) WG of the IETF. > > FYI, the only changes in this document from the previous were > accepting the text changes from the discussion around the issues > brought up previously and the text suggestions from the discussion > I started in the "Paths forward WRT the draft-ietf-dnsop-must-not-sha1 > discrepancy" thread. Specifically thank you to Paul and Peter for > suggesting text that seemed like the best paths forward for handling > the discrepancies. -- Wes Hardaker Google
The result seems to be quite inconsistent. Validating resolver implementations ([RFC9499] section 10) MUST continue to support validation using these algorithms as they are diminishing in use but still actively in use for some domains as of this publication. Operators of validating resolvers MUST treat DNSSEC signing algorithms RSASHA1 and RSASHA1-NSEC3-SHA1 as unsupported, rendering responses insecure if they cannot be validated by other supported signing algorithms. We have two sentences. The first decribes how RSHSHA1* is in active use and has to be supported by validating resolver implementations. The second sentence says that operators have to disable support for RSHSHA1*. I'm not sure who is going to be happy with this document. Software vendors have to support algorithms that operators are instructed to disable. Why? Operators are instructed to disable algorithms that are (quoting the document) "still actively in use for some domains as of this publication" reducing the security of domains that from a technical perspective are currently quite secure. (SHA-1 lacks collision resistance but is secure against pre-image attacks). There is another inconsistency that is not resolved. The IANA considerations has the following: IANA is requested to set the "Use for DNSSEC Delegation" field of the "Digest Algorithms" registry [DS-IANA] [I-D.ietf-dnsop-rfc8624-bis] for SHA-1 (1) to MUST NOT. Note that this is that hash algorithm used to create the DS record. It is completely independent of the signing algorithm specified in the DNSKEY that is used to create the DS record. However Section 2 says: "The RSASHA1 [RFC4034] and RSASHA1-NSEC3-SHA1 [RFC5155] algorithms MUST NOT be used when creating DS records." Here it specifies that the DNSKEY cannot have RSASHA1* but says nothing about the hash algorithm used to create the DS record (wwhich could be SHA-1). _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
