Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06
Tony Finch <dot@dotat.at> Tue, 21 January 2020 17:31 UTC
Return-Path: <dot@dotat.at>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A09F120808; Tue, 21 Jan 2020 09:31:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74bgV3GL-zpN; Tue, 21 Jan 2020 09:31:52 -0800 (PST)
Received: from ppsw-31.csi.cam.ac.uk (ppsw-31.csi.cam.ac.uk [131.111.8.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6ACF120170; Tue, 21 Jan 2020 09:31:52 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus
Received: from grey.csi.cam.ac.uk ([131.111.57.57]:34280) by ppsw-31.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.137]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1itxNW-0001Bc-KJ (Exim 4.92.3) (return-path <dot@dotat.at>); Tue, 21 Jan 2020 17:31:50 +0000
Date: Tue, 21 Jan 2020 17:31:49 +0000
From: Tony Finch <dot@dotat.at>
To: Warren Kumari <warren@kumari.net>
cc: Magnus Nyström <magnusn@gmail.com>, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-rfc2845bis@ietf.org
In-Reply-To: <CAHw9_i+_T8ihVobQyPqeoOV-EJxS4eOza865ag_uLx_FM8Jgig@mail.gmail.com>
Message-ID: <alpine.DEB.2.20.2001211716450.7252@grey.csi.cam.ac.uk>
References: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com> <CADajj4bCTF5EeF6DZkCHpP0_GTnUYQtqa0OE3qf3Z5_AmKWfyA@mail.gmail.com> <CADajj4YxgdNXkWX7dLP0nBDWXLSKFa8M_KWWCPCgfCibYtWkAw@mail.gmail.com> <CAHw9_i+_T8ihVobQyPqeoOV-EJxS4eOza865ag_uLx_FM8Jgig@mail.gmail.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-KOdwlKkPa3bnjGUAzwM4dqFSkg>
Subject: Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 17:31:57 -0000
Warren Kumari <warren@kumari.net> wrote: > > I don't think that it is realistic to deprecate SHA-1 in TSIG for the > foreseeable future, but stronger recommendations about moving to > SHA-256 might be in order. Yes. > There is already some text: For context, the preceding paragraph says: The only message digest algorithm specified in the first version of these specifications [RFC2845] was "HMAC-MD5" (see [RFC1321], [RFC2104]). Although a review of its security [RFC6151] concluded that "it may not be urgent to remove HMAC-MD5 from the existing protocols", with the availability of more secure alternatives the opportunity has been taken to make the implementation of this algorithm optional. > The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as > compared to the 128 bits for MD5), and additional hash algorithms in > the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384, > and 512 bits may be preferred in some cases. This is because > increasingly successful cryptanalytic attacks are being made on the > shorter hashes. I think the quoted paragraph should say something like: [RFC4635] added mandatory support in TSIG for SHA-1 [FIPS180-4], [RFC3174]. SHA-1 collisions have been demonstrated so the MD5 security considerations apply to SHA-1 in a similar manner. Although support for hmac-sha1 in TSIG is still mandatory for compatibility reasons, existing uses should be replaced with hmac-sha256 or other SHA-2 digest algorithms [FIPS180-4], [RFC3874], [RFC6234]. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ German Bight: West veering northwest 4 or 5. Slight or moderate. Occasional drizzle. Good, occasionally poor.
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Warren Kumari
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Tony Finch
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Warren Kumari
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Warren Kumari
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Tony Finch
- Re: [DNSOP] [secdir] Secdir review of draft-ietf-… Warren Kumari