Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Wed, Dec 05, 2018 at 12:38:31AM +0100, Ondřej Surý wrote:

> apart from the I-D in the LC, the upcoming BIND 9.14 release will have:
> 
> * GOST removed (as it was deprecated by Russian “upstream”)
> * Both DSA algorithms removed (insecure)
> * RSAMD5 algorithm to be removed (I just finished the MR and it needs to be reviewed: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1106)

Thanks for the cleanup.  I added a comment to the review noting
that no RSAMD5 DNSKEY RRs have been observed in the wild, at any
of the domains covered in my survey.  The survey does not descend
below child domains of the Mozilla PSL, so one could conjecture
some domains using RSAMD5 deeper in the DNS tree, in some internal
sub-domain of an organization, but even if the number of such domains
is not zero, it is time for them to move along or be correctly
considered "insecure".

I took a look at the most recent DS RRset data drop from FarSight
Security (credit to Paul Vixie), which includes some "deeper"
domains, and found one domain with four sub-domains with actual
RSAMD5 DNSKEYs:

    d1a1n1.rootcanary.net. IN DS 18698 1 1 [...]
    d1a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d2a1n1.rootcanary.net. IN DS 11102 1 2 [...]
    d2a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d3a1n1.rootcanary.net. IN DS 27842 1 3 [...]
    d3a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d4a1n1.rootcanary.net. IN DS 1927 1 4 [...]
    d4a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]

I don't think this counts as a "production" RSAMD5 deployment.

-- 
	Viktor.