[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt

To: Wes Hardaker <hardaker@tislabs.com>
Subject: Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
From: David Blacka <davidb@verisignlabs.com>
Date: Tue, 27 Dec 2005 09:47:15 -0500
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, "Scott Rose" <scottr@nist.gov>, namedroppers@ops.ietf.org
In-reply-to: <sdek3zhxlk.fsf@wes.hardakers.net>
References: <ANECIHCPCBDLLEJLCOPGGEJDECAA.scottr@nist.gov> <a06200701bfc87ccb1424@[10.31.32.117]> <sd4q4vmwfm.fsf@wes.hardakers.net> <8F3F5675-F97D-4588-B190-1CE076CFFF64@verisignlabs.com> <sdek3zhxlk.fsf@wes.hardakers.net>


On Dec 27, 2005, at 1:18 AM, Wes Hardaker wrote:

On Mon, 26 Dec 2005 23:36:41 -0500, David Blacka<davidb@verisignlabs.com> said:
David> The use of MUST means that, if an implementation doesn't do the
David> thing, something Will Not Work.  All of this language is about
David> preferring SHA-256 to SHA-1. This is a Good Idea, but noneof thisDavid> is necessary for interoperability. Thus, SHOULD orRECOMMENDED is
David> the appropriate level for the entire paragraph.

There is a really large number of RFCs that have MUSTs for security
related things.  That's because without them, security Will Not Work
(which then affects interoperability).


True.

IMHO, it should stay as a MUST.  But...  I of course will follow the
consensus of the group.

Ok, let me step back a little. Part of what I'm arguing is that theparagraph, as currently constructed just isn't using MUST in anappropriate way. Statements like "client MUST have feature X, SHOULDuse feature X, but MAY choose not to" directly translate to "SHOULDuse feature X". The sentence "...implementations MUST be able toignore DS RRs..." is not meaningful in a protocol document. Or, inother words, pure software requirements have no place in a protocoldocument.


The document can say one of two things:

a) validators MUST ignore SHA-1 DSs when SHA-256 DS are present, or
b) validators SHOULD ignore SHA1-1 DSs ...

Currently, your paragraph is actually saying b.

My previous arguments were that b is the correct choice.

Though in this case I think we're not that close to the point where an
attack is actually executable against SHA-1...


Which is at least partly why b is the correct choice.

So, to conclude, I suggest that your paragraph just boil down to:

<t>Validator implementations SHOULD ignore DS RRs containing SHA-1digests if DS RRs with SHA-256 digests are present in the DS RRset.</t>



--
David Blacka    <davidb@verisignlabs.com>
Sr. Engineer    Verisign Applied Research



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: Wes Hardaker <hardaker@tislabs.com>
- Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: Alex Bligh <alex@alex.org.uk>

References:
- RE: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: "Scott Rose" <scottr@nist.gov>
- RE: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: Edward Lewis <Ed.Lewis@neustar.biz>
- Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: Wes Hardaker <hardaker@tislabs.com>
- Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: David Blacka <davidb@verisignlabs.com>
- Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
  - From: Wes Hardaker <hardaker@tislabs.com>

Prev by Date: Re: [Question] What is an accurate meaning of "A server MAY cache a dead server indication"?
Next by Date: [Reminder] 8th TAHI IPv6 Interoperability Test Event
Previous by thread: Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
Next by thread: Re: I-D ACTION:draft-ietf-dnsext-ds-sha256-02.txt
Index(es):
- Date
- Thread