Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 06 December 2018 20:59 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0561130ED7 for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 12:59:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPP1lzh3WimI for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 12:59:44 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C55130E68 for <dnsop@ietf.org>; Thu, 6 Dec 2018 12:59:43 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 1B42EA62C0; Thu, 6 Dec 2018 15:59:43 -0500 (EST)
Date: Thu, 06 Dec 2018 15:59:43 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dnsop@ietf.org
Message-ID: <20181206205942.GA79754@straasha.imrryr.org>
Reply-To: dnsop@ietf.org
References: <20181201195126.GK4122@straasha.imrryr.org> <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org> <20181205221417.GW79754@straasha.imrryr.org> <20181205235455.GY79754@straasha.imrryr.org> <20181206132655.lngnprkmv7wckv4b@nic.cl>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20181206132655.lngnprkmv7wckv4b@nic.cl>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-Wb63hKwVM7R9Fo8xw8fRj1nt9k>
Subject: Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 20:59:47 -0000
On Thu, Dec 06, 2018 at 10:26:55AM -0300, Hugo Salgado-Hernández wrote: > On 18:54 05/12, Viktor Dukhovni wrote: > > No idea why people would just "make up" (non-)random DS records for > > their domains, but for some reason some do. These made-up DS RRs > > Could it be a bad (or nonexistent) validation in user input? > > I've seen customers putting hostnames, google validation tokens > and even ftp passwords in DS fields. Well, the questionable values are well formed, they just have a surprising "entropy deficit", which one would not expect in a SHA-1 or SHA256 output. So syntactic input validation is unlikely to catch this. To prevent crappy DS records, the registrar or registry would need to check that the zone contains a matching key (matching key tag and hash value) before publishing the DS record. In the examples I posted, it seems clear that the values were accepted as-is, without confirmation via the zone's DNSKEY RRset. IIRC some registrars don't support direct input of DS records, rather they accept DNSKEY RRs, and compute the DS. That would preclude some of the more creative junk values. Of course one can still upload a junk RSA key. Junk keys are a bit more difficult with ECDSA and EdDSA because keys have a fixed size and can be validated as for correctness, here the worst one can do is use a public key with a well known (example) or already leaked private key. -- Viktor.
- [DNSOP] Time to update RSAMD5 and perhaps DSA (al… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Paul Wouters
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Ondřej Surý
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Hugo Salgado-Hernández
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Mark Andrews
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Patrick Mevzek