[DNSOP] SHA-1 chosen prefix collisions and DNSSEC

Tony Finch <dot@dotat.at> Thu, 09 January 2020 20:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6WI4ZYseseHh-a2P418_n_Ir_ic>

I have written a blog post with my understanding of the implications of the SHAmbles attack for DNSSEC.

https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html

Conclusions from the article:

Whenever a DNS zone is signed with a SHA-1 DNSKEY algorithm it is vulnerable to chosen prefix collision attacks. This is a problem when a zone accepts updates from multiple parties, such as:

- TLDs
- enterprises
- hosting providers

It is also a problem when a key is re-used by multiple zones.

Zones using algorithm numbers 7 or less should be upgraded. The recommended algorithms are 13 (ECDSAP256SHA256) or 8 (RSASHA256, with 2048 bit keys).

For extra protection against chosen prefix collision attacks, zones should not share keys, and they should have separate ZSKs and KSKs.

DNSSEC zone signing software should provide extra protection against chosen prefix collisions by adding more randomness to the inception and expiration times in RRSIG records.

Software implementing CDNSKEY and CDS checks must ensure that the records are properly signed by a KSK, not just a ZSK.

Top-level domain registry software must not accept over-sized DS records.


Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at
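
The following audit of the recommendations in the message above is an added example, not part of the original message or of any DNS software. It checks DNSKEY records for algorithm numbers 7 or less, keys shared between zones and missing ZSK/KSK separation, and checks DS records for over-sized digests. Assumptions: records are single-line zone-file presentation format, the SEP flag bit distinguishes KSK from ZSK, unlisted DS digest types are rejected, and all names and sample records are constructed.

```python
from collections import defaultdict

# DS digest type -> digest length in bytes (1 SHA-1, 2 SHA-256, 4 SHA-384).
DS_DIGEST_LEN = {1: 20, 2: 32, 4: 48}

# Constructed sample records in zone-file presentation format (keys are fake).
SAMPLE = "\n".join([
    "example.org. 3600 IN DNSKEY 257 3 7 FakeKskKeyA==",
    "example.org. 3600 IN DNSKEY 256 3 7 FakeZskKeyB==",
    "example.net. 3600 IN DNSKEY 257 3 13 FakeSharedKeyC==",
    "example.com. 3600 IN DNSKEY 257 3 13 FakeSharedKeyC==",
    "example.com. 3600 IN DNSKEY 256 3 13 FakeZskKeyD==",
    "example.com. 3600 IN DS 12345 13 2 " + "ab" * 32,  # 32 bytes: correct
    "example.net. 3600 IN DS 12345 13 2 " + "ab" * 40,  # 40 bytes: over-sized
])

def audit(text):
    """Return sorted (zone, finding) pairs for DNSKEY and DS records in text."""
    findings = set()
    roles_by_zone = defaultdict(set)   # zone -> {0 (ZSK), 1 (KSK)}
    zones_by_key = defaultdict(set)    # (algorithm, key) -> zones using it
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[2] != "IN":
            continue
        zone, rtype = f[0].lower(), f[3]
        if rtype == "DNSKEY":           # fields: flags protocol algorithm key
            flags, alg, key = int(f[4]), int(f[6]), "".join(f[7:])
            if alg <= 7:
                findings.add((zone, f"DNSKEY algorithm {alg}: upgrade to 13 or 8"))
            roles_by_zone[zone].add(flags & 1)  # SEP bit set means KSK
            zones_by_key[(alg, key)].add(zone)
        elif rtype == "DS":             # fields: keytag algorithm type digest
            dtype, digest = int(f[6]), "".join(f[7:])
            if len(digest) != 2 * DS_DIGEST_LEN.get(dtype, -1):
                findings.add((zone, f"DS type {dtype}: {len(digest) // 2} bytes rejected"))
    for zone, roles in roles_by_zone.items():
        if roles != {0, 1}:
            findings.add((zone, "no separate ZSK and KSK"))
    for zones in zones_by_key.values():
        if len(zones) > 1:
            findings.add((",".join(sorted(zones)), "key shared between zones"))
    return sorted(findings)

if __name__ == "__main__":
    for zone, finding in audit(SAMPLE):
        print(f"{zone}: {finding}")
```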