IETF Logo Mail Archive

Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06

Tony Finch <dot@dotat.at> Tue, 21 January 2020 17:31 UTC

Return-Path: <dot@dotat.at>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A09F120808; Tue, 21 Jan 2020 09:31:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74bgV3GL-zpN; Tue, 21 Jan 2020 09:31:52 -0800 (PST)
Received: from ppsw-31.csi.cam.ac.uk (ppsw-31.csi.cam.ac.uk [131.111.8.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6ACF120170; Tue, 21 Jan 2020 09:31:52 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus
Received: from grey.csi.cam.ac.uk ([131.111.57.57]:34280) by ppsw-31.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.137]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1itxNW-0001Bc-KJ (Exim 4.92.3) (return-path <dot@dotat.at>); Tue, 21 Jan 2020 17:31:50 +0000
Date: Tue, 21 Jan 2020 17:31:49 +0000
From: Tony Finch <dot@dotat.at>
To: Warren Kumari <warren@kumari.net>
cc: Magnus Nyström <magnusn@gmail.com>, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-rfc2845bis@ietf.org
In-Reply-To: <CAHw9_i+_T8ihVobQyPqeoOV-EJxS4eOza865ag_uLx_FM8Jgig@mail.gmail.com>
Message-ID: <alpine.DEB.2.20.2001211716450.7252@grey.csi.cam.ac.uk>
References: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com> <CADajj4bCTF5EeF6DZkCHpP0_GTnUYQtqa0OE3qf3Z5_AmKWfyA@mail.gmail.com> <CADajj4YxgdNXkWX7dLP0nBDWXLSKFa8M_KWWCPCgfCibYtWkAw@mail.gmail.com> <CAHw9_i+_T8ihVobQyPqeoOV-EJxS4eOza865ag_uLx_FM8Jgig@mail.gmail.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-KOdwlKkPa3bnjGUAzwM4dqFSkg>
Subject: Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 17:31:57 -0000

Warren Kumari <warren@kumari.net> wrote:
>
> I don't think that it is realistic to deprecate SHA-1 in TSIG for the
> foreseeable future, but stronger recommendations about moving to
> SHA-256 might be in order.

Yes.

> There is already some text:

For context, the preceding paragraph says:

   The only message digest algorithm specified in the first version of
   these specifications [RFC2845] was "HMAC-MD5" (see [RFC1321],
   [RFC2104]).  Although a review of its security [RFC6151] concluded
   that "it may not be urgent to remove HMAC-MD5 from the existing
   protocols", with the availability of more secure alternatives the
   opportunity has been taken to make the implementation of this
   algorithm optional.

>    The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as
>    compared to the 128 bits for MD5), and additional hash algorithms in
>    the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384,
>    and 512 bits may be preferred in some cases.  This is because
>    increasingly successful cryptanalytic attacks are being made on the
>    shorter hashes.

I think the quoted paragraph should say something like:

   [RFC4635] added mandatory support in TSIG for SHA-1 [FIPS180-4],
   [RFC3174]. SHA-1 collisions have been demonstrated so the MD5
   security considerations apply to SHA-1 in a similar manner.

   Although support for hmac-sha1 in TSIG is still mandatory for
   compatibility reasons, existing uses should be replaced with
   hmac-sha256 or other SHA-2 digest algorithms [FIPS180-4], [RFC3874],
   [RFC6234].

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
German Bight: West veering northwest 4 or 5. Slight or moderate. Occasional
drizzle. Good, occasionally poor.

v2.23.0 | Report a Bug | By Email