Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 05 December 2018 22:14 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 337AE130EED for <dnsop@ietfa.amsl.com>; Wed, 5 Dec 2018 14:14:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IilfgtSaSn9A for <dnsop@ietfa.amsl.com>; Wed, 5 Dec 2018 14:14:20 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9890130E16 for <dnsop@ietf.org>; Wed, 5 Dec 2018 14:14:19 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 91AEAA51D0; Wed, 5 Dec 2018 17:14:17 -0500 (EST)
Date: Wed, 5 Dec 2018 17:14:17 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dnsop@ietf.org
Message-ID: <20181205221417.GW79754@straasha.imrryr.org>
Reply-To: dnsop@ietf.org
References: <20181201195126.GK4122@straasha.imrryr.org> <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DVEvhdbouFT2bZXKMlgSM_rDG1A>
Subject: Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 22:14:22 -0000

On Wed, Dec 05, 2018 at 12:38:31AM +0100, Ondřej Surý wrote:

> apart from the I-D in the LC, the upcoming BIND 9.14 release will have:
> 
> * GOST removed (as it was deprecated by Russian “upstream”)
> * Both DSA algorithms removed (insecure)
> * RSAMD5 algorithm to be removed (I just finished the MR and it needs to be reviewed: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1106)

Thanks for the cleanup.  I added a comment to the review noting
that no RSAMD5 DNSKEY RRs have been observed in the wild, at any
of the domains covered in my survey.  The survey does not descend
below child domains of the Mozilla PSL, so one could conjecture
some domains using RSAMD5 deeper in the DNS tree, in some internal
sub-domain of an organization, but even if the number of such domains
is not zero, it is time for them to move along or be correctly
considered "insecure".

I took a look at the most recent DS RRset data drop from FarSight
Security (credit to Paul Vixie), which includes some "deeper"
domains, and found one domain with four sub-domains with actual
RSAMD5 DNSKEYs:

    d1a1n1.rootcanary.net. IN DS 18698 1 1 [...]
    d1a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d2a1n1.rootcanary.net. IN DS 11102 1 2 [...]
    d2a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d3a1n1.rootcanary.net. IN DS 27842 1 3 [...]
    d3a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]
    ;
    d4a1n1.rootcanary.net. IN DS 1927 1 4 [...]
    d4a1n1.rootcanary.net. IN DNSKEY 257 3 1 [...]

I don't think this counts as a "production" RSAMD5 deployment.

-- 
	Viktor.