Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

Hugo Salgado-Hernández <hsalgado@nic.cl> Thu, 06 December 2018 13:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DkXF2PE9Y5ubJTsaylJst5RngFI>

On 18:54 05/12, Viktor Dukhovni wrote:
> No idea why people would just "make up" (non-)random DS records for
> their domains, but for some reason some do.  These made-up DS RRs

Could it be a bad (or nonexistent) validation in user input?

I've seen customers putting hostnames, Google validation tokens
and even FTP passwords in DS fields.

Hugo
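
The kind of input check the message above asks about, as an added example that is not part of the original message or of any registry's code: a syntax validator for DS RDATA typed into a form as `<key tag> <algorithm> <digest type> <hex digest>`. The function name, the refusal policy for algorithms 1 and 3, and all sample inputs are assumptions constructed for illustration.

```python
import re

# Digest type -> expected digest length in hex characters
# (1 = SHA-1, 2 = SHA-256, 3 = GOST R 34.11-94, 4 = SHA-384).
DIGEST_HEX_LEN = {1: 40, 2: 64, 3: 64, 4: 96}

# Assumed local policy: refuse the two algorithms named in the thread subject.
REFUSED_ALGS = {1: "RSAMD5", 3: "DSA"}

def validate_ds(text):
    """Check DS RDATA typed as '<key tag> <algorithm> <digest type> <hex digest>'.

    Returns (True, "ok") or (False, reason). Hypothetical helper, syntax only.
    """
    fields = text.split()
    if len(fields) < 4:
        return False, "need key tag, algorithm, digest type and digest"
    if not all(re.fullmatch(r"[0-9]{1,5}", f) for f in fields[:3]):
        return False, "key tag, algorithm and digest type must be decimal numbers"
    tag, alg, dtype = (int(f) for f in fields[:3])
    if tag > 65535:
        return False, "key tag out of range (0-65535)"
    if alg > 255:
        return False, "algorithm out of range (0-255)"
    if alg in REFUSED_ALGS:
        return False, "algorithm %d (%s) refused by policy" % (alg, REFUSED_ALGS[alg])
    if dtype not in DIGEST_HEX_LEN:
        return False, "unknown digest type %d" % dtype
    digest = "".join(fields[3:])  # presentation format allows spaces inside the hex
    if not re.fullmatch(r"[0-9A-Fa-f]+", digest):
        return False, "digest is not hexadecimal"
    if len(digest) != DIGEST_HEX_LEN[dtype]:
        return False, "digest length %d does not match digest type %d" % (len(digest), dtype)
    return True, "ok"

# Constructed sample submissions, modelled on the kinds of input the message lists.
SAMPLES = [
    "12345 8 2 " + "ab" * 32,                         # well-formed: alg 8, SHA-256 digest
    "ns1.example.com",                                # a hostname
    "google-site-verification=Xy12ConstructedToken",  # a verification token
    "hunter2",                                        # a password
    "12345 8 2 " + "ab" * 20,                         # SHA-1-length digest labelled SHA-256
    "12345 1 1 " + "cd" * 20,                         # RSAMD5
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(validate_ds(s), "<-", s[:40])
```

This only rejects input that cannot be a DS record; it does not show that the digest matches a DNSKEY actually published in the child zone.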