Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

Ondřej Surý <ondrej@isc.org> Tue, 04 December 2018 23:38 UTC

Return-Path: <ondrej@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4910C130DC9 for <dnsop@ietfa.amsl.com>; Tue, 4 Dec 2018 15:38:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.921
X-Spam-Level:
X-Spam-Status: No, score=-5.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o5psfEpts3sU for <dnsop@ietfa.amsl.com>; Tue, 4 Dec 2018 15:38:35 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73ACC130EE8 for <dnsop@ietf.org>; Tue, 4 Dec 2018 15:38:35 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 1DCE13AB069 for <dnsop@ietf.org>; Tue, 4 Dec 2018 23:38:35 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id C7538160046 for <dnsop@ietf.org>; Tue, 4 Dec 2018 23:38:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 92249160089 for <dnsop@ietf.org>; Tue, 4 Dec 2018 23:38:34 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UatWcQExQk2U for <dnsop@ietf.org>; Tue, 4 Dec 2018 23:38:34 +0000 (UTC)
Received: from [10.10.0.181] (40.20.broadband5.iol.cz [88.100.20.40]) by zmx1.isc.org (Postfix) with ESMTPSA id 02289160046 for <dnsop@ietf.org>; Tue, 4 Dec 2018 23:38:33 +0000 (UTC)
From: =?utf-8?B?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
Date: Wed, 5 Dec 2018 00:38:31 +0100
References: <20181201195126.GK4122@straasha.imrryr.org>
To: dnsop@ietf.org
In-Reply-To: <20181201195126.GK4122@straasha.imrryr.org>
Message-Id: <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org>
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6I9B5kDkl2mpeunQoA-xr3gJM7k>
Subject: Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Dec 2018 23:38:38 -0000

Viktor,

apart from the I-D in the LC, the upcoming BIND 9.14 release will have:

* GOST removed (as it was deprecated by Russian “upstream”)
* Both DSA algorithms removed (insecure)
* RSAMD5 algorithm to be removed (I just finished the MR and it needs to be reviewed: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1106)

Ondrej
--
Ondřej Surý
ondrej@isc.org

> On 1 Dec 2018, at 20:51, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> The IANA DNSSEC parameter registry lists RSAMD5 (algorithm 1) as
> deprecated, and refers to [RFC3110], [RFC4034] which state that
> RSAMD5 is "NOT RECOMMENDED".
> 
>    https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
> 
> "Survey says" that RSAMD5 is not only deprecated, but is in fact
> no longer used, by any of the ~9 million DNSSEC-delegated domains
> I've been able to find on the public Internet:
> 
>    https://lists.dns-oarc.net/pipermail/dns-operations/2018-December/018146.html
> 
> It only has the effect of breaking two domains that have only RSAMD5
> in the DS RRset, but have no DNSKEY RRs.  11 domains, have working
> keys for algorithms 5, 7, 8 or 13 with a DS RRset that also lists
> an orphaned algorithm 1 with no RSAMD5 keys at the zone apex.  A
> further 18 domains have RSAMD5 DS RRs, but are simply out of service
> even sans validation.
> 
> This suggests to me that the deprecation of RSAMD5 is a stunning
> success, it is gone, and perhaps it is time to say so:
> 
>    * Authoritative zones SHOULD NOT publish RSAMD5 DS RRs or
>      DNSKEY records.
> 
>    * Validating resolvers MUST ignore RSAMD5 DS RRs and DNSKEY
>      RRs, and MUST treat any zones with only ignored or unsupported
>      DS records as "insecure".
> 
> Perhaps we could be bolder and say the same for DSA (algorithm 3),
> this too is largely gone, but there's a cluster of ~4700 ".me"
> domains with DSA keys.  It is not clear that enabling those domains
> to validate merits ongoing support for algorithm 3.  So we might
> also add DSA to the list, encouraging resolver implementations to
> drop support for both RSAMD5 and DSA.
> 
> -- 
> 	Viktor.
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop