Re: [DNSOP] [Ext] review: draft-wessels-dns-zone-digest-04.txt

Paul Hoffman <> Thu, 01 November 2018 15:48 UTC

From: Paul Hoffman <>
To: Joe Abley <>
CC: dnsop WG <>

On Nov 1, 2018, at 8:40 AM, Joe Abley <> wrote:
> On Nov 1, 2018, at 16:27, Paul Hoffman <> wrote:
>> The current ZONEMD draft fully supports algorithm agility. What it doesn't support is multiple hashes *within a single message*. Having seen how easy it is to screw up OpenPGP and S/MIME message processing to handle multiple hashes, I think having one hash per zone is much more likely to work.
> Suppose everybody supports digest algorithm A (e.g. it's the digest type that was mandatory to implement in the original specification). We use that in our ZONEMD RR because we have high confidence that clients will support it.
> At some later time digest algorithm B emerges which has some advantages over algorithm A. B is newer and not all software supports it. We would like to use B because its advantages are attractive to us, but we also want all of our clients to be able to use the ZONEMD RRs we publish.
> Since B is new we have lower confidence that it is supported by our current clients.
> We cannot use both A and B simultaneously on the publication side, since the specification requires us to choose just one.
> There is no signalling mechanism that will give us insight into our client population's support of algorithm B, even if we have non-empirical expectations that support will increase over time.
> Since we don't want to break things, we cannot use B.

Exactly right. This is precisely the problem that OpenPGP and S/MIME looked at when they created their multisig formats. And the results are incredibly complicated code for validation. It also leads to unanswerable questions like "what if the hash for A is right but the hash for B is wrong".

It's fine to go down the multisig route in this document, and it's fine to punt for a decade or three until a problem is found with SHA256 and SHA384. There are costs for both decisions.

--Paul Hoffman
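
Added example, not part of the original message or of the ZONEMD draft: a simplified verifier for a zone published with more than one digest, showing how the "A is right but B is wrong" case gets different answers depending on client support and on a policy the verifier has to pick. The labels A and B follow the thread; their mapping to SHA-256 and SHA-384, the `all`/`any` policy names, the function names and the sample zone bytes are assumptions made for illustration, and the digest is taken over raw bytes rather than a canonical zone encoding.

```python
import hashlib
import hmac

# Hypothetical mapping of the thread's digest types A and B to hash functions.
DIGESTS = {"A": hashlib.sha256, "B": hashlib.sha384}

def publish(zone_bytes, types):
    """Publisher side: one (type, digest) record per chosen digest type."""
    return [(t, DIGESTS[t](zone_bytes).digest()) for t in types]

def verify(zone_bytes, records, supported, policy):
    """Return 'valid', 'invalid' or 'unverifiable'.

    policy 'all': every record of a supported type must match.
    policy 'any': one matching record of a supported type is enough.
    """
    if policy not in ("all", "any"):
        raise ValueError("unknown policy: " + policy)
    results = []
    for dtype, digest in records:
        if dtype not in supported or dtype not in DIGESTS:
            continue  # type unknown to this client: skipped, not a failure
        expected = DIGESTS[dtype](zone_bytes).digest()
        results.append(hmac.compare_digest(expected, digest))
    if not results:
        return "unverifiable"  # nothing this client can check
    ok = all(results) if policy == "all" else any(results)
    return "valid" if ok else "invalid"

# Constructed sample zone content (not canonical zone wire format).
ZONE = b"example. 3600 IN SOA ns.example. admin.example. 1 2 3 4 5\n"

def demo():
    records = publish(ZONE, ["A", "B"])
    # Constructed failure case: digest A is right, digest B is wrong.
    bad_b = [(t, d if t == "A" else bytes(len(d))) for t, d in records]
    return {
        "a_only_client": verify(ZONE, bad_b, {"A"}, "all"),
        "both_policy_all": verify(ZONE, bad_b, {"A", "B"}, "all"),
        "both_policy_any": verify(ZONE, bad_b, {"A", "B"}, "any"),
        # Publisher switches to B alone while the client only knows A.
        "b_only_zone_a_only_client": verify(ZONE, publish(ZONE, ["B"]), {"A"}, "all"),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The same zone data is accepted by an A-only client, rejected under `all` and accepted under `any`, so two conforming clients can disagree unless the specification fixes the policy.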