RE: DS Algorithm selection and SHA1 deprecation
--On 08 December 2005 08:56 -0500 Scott Rose <scottr@nist.gov> wrote:
> If the DS RR is removed, the covering RRSIG wouldn't validate (needs the
> entire RRset).
> The validator would get confused and be unable to continue the validation
> chain, but it would be able to know it was under attack.
Yes Geoff just walked in and explained it. There's one RRSig to cover
*all* the digests. I was thinking "but this could be vulnerable to
the SHA-1 attack too". The point, however, is that if ALL parent
zones up to the root have SHA-256, this vulnerability isn't there either.
So I agree that a validator that accepts an SHA-1 digest does not
degrade the security of a signer who signs with SHA-256 and possibly
other digests, assuming SHA-256 is preferred. Which means I also
agree with the proposed text.
Apologies for the rat-hole.
Alex
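The mechanism Scott and Alex are discussing, as an added illustration that is not part of the original thread: a toy DS RRset carrying both a SHA-1 and a SHA-256 digest of the child's DNSKEY, one signature covering the entire RRset (an HMAC stands in for the parent's real RRSIG, an assumption of this example, as are the key bytes), and a validator that prefers SHA-256. Stripping the SHA-256 DS breaks the signature over the RRset, so the validator reports the set as bogus instead of quietly falling back to the SHA-1 digest.

```python
import hashlib
import hmac

# Constructed stand-ins: the child's DNSKEY RDATA and the parent's signing key.
CHILD_DNSKEY = b"example. 3600 IN DNSKEY 257 3 8 constructed-key-material"
PARENT_KEY = b"parent-zone-signing-key-constructed"

DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest type codes
PREFERRED_ORDER = [2, 1]  # validator policy: prefer SHA-256, then SHA-1


def make_ds(dnskey, digest_type):
    """One DS record, modelled as (digest type, hex digest of the DNSKEY)."""
    return (digest_type, DIGEST_ALGS[digest_type](dnskey).hexdigest())


def sign_rrset(rrset, key):
    """Stand-in RRSIG: a single MAC over the canonically ordered *whole* RRset,
    so removing or altering any one DS record invalidates it."""
    canon = b"".join(f"{t}:{d};".encode() for t, d in sorted(rrset))
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def validate(rrset, rrsig, key, dnskey):
    """Return ('secure', digest_type_used) or ('bogus', None).

    The RRSIG must cover the RRset exactly as received; only then does the
    validator pick the strongest digest type present and check it against
    the child's DNSKEY. It never falls back to a weaker digest type when a
    stronger one it supports is present in the RRset."""
    if not hmac.compare_digest(sign_rrset(rrset, key), rrsig):
        return ("bogus", None)  # RRset tampered with, e.g. a DS stripped
    present = {t for t, _ in rrset}
    for t in PREFERRED_ORDER:
        if t in present:
            return ("secure", t) if make_ds(dnskey, t) in rrset else ("bogus", None)
    return ("bogus", None)  # no digest type the validator understands


if __name__ == "__main__":
    ds_set = [make_ds(CHILD_DNSKEY, 1), make_ds(CHILD_DNSKEY, 2)]
    sig = sign_rrset(ds_set, PARENT_KEY)
    print("intact RRset:", validate(ds_set, sig, PARENT_KEY, CHILD_DNSKEY))
    stripped = [ds for ds in ds_set if ds[0] != 2]  # attacker drops the SHA-256 DS
    print("SHA-256 DS removed:", validate(stripped, sig, PARENT_KEY, CHILD_DNSKEY))
```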
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>