Re: [DNSOP] on staleness of code points and code (mentions MD5 commentary from IETF98)

Petr Špaček <> Tue, 28 March 2017 15:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5183A128C83 for <>; Tue, 28 Mar 2017 08:32:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mf18gJQXGR7e for <>; Tue, 28 Mar 2017 08:32:36 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A0CCC1293F9 for <>; Tue, 28 Mar 2017 08:32:28 -0700 (PDT)
Received: from [IPv6:2001:1488:fffe:6:b883:4eff:fece:dc57] (unknown [IPv6:2001:1488:fffe:6:b883:4eff:fece:dc57]) by (Postfix) with ESMTPSA id 3EB2E87CAF for <>; Tue, 28 Mar 2017 17:32:27 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=default; t=1490715147; bh=GLxgIvOVi2XwY/wq31Dg8azkXoc+M3S//gC6xoBWFVs=; h=From:To:Date; b=s4DLEbqeJLPGaWYEJjNP6KQROuWLT4ZYLup/7KGlVZ+gtKjfp6rmwn47qpAsnHTt+ XNY5gKu4orTgO6pjcVTMep92d2jyRF7leW1CZ2mxbu5w27xOxrjOFqkE0WS0scwLhN ZLBIgHJ0Ib5pfy7q8UUyxVXloiOVn6vBiHOipL1Q=
From: =?UTF-8?B?UGV0ciDFoHBhxI1law==?= <>
References: <> <> <> <> <>
To: dnsop <>
Organization: CZ.NIC
Message-ID: <>
Date: Tue, 28 Mar 2017 17:32:27 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [DNSOP] on staleness of code points and code (mentions MD5 commentary from IETF98)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Mar 2017 15:32:38 -0000

On 28.3.2017 17:05, Evan Hunt wrote:
> On Tue, Mar 28, 2017 at 03:36:40PM +0100, Tony Finch wrote:
>> Chris Thompson just mentioned to me another reason for dropping support
>> for RSAMD5: it uses a different DNSKEY tag calculation, which implies that
>> dropping support should simplify validators more than dropping other
>> algorithms.
> To be clear, for the benfit of those not in the room yesterday, I do *not*
> object to deprecating RSAMD5, I agree with the "MUST NOT" in the signer
> column, and that it's pointless to support it in new validator
> implementations.

Thank you for clarification!

> My problem is with elevating "pointless" to the force of a "MUST NOT".  I
> think it should be reduced in force to "OPTIONAL", "NOT RECOMMENDED", or
> even "SHOULD NOT".  Kill it on the supply side.

Here I have to agree with enforcing "MUST NOT". MD5 is a risk even on
the validating side. It might provide attacker with ability to forge
TLSA records in zones signed with MD5, which is has much worse
consequences than treating the zone as unsigned. It is a security
nightmare because validators supporting MD5 will treat this as valid and
happily accept forged certificates!

IMHO validator going to insecure mode is the right thing to do.
Applications are used to insecure records but there is no way to handle
seemingly (but not factually) "secure" records.

So again, MUST NOT is the right choice. I'm going to write tests for
Knot Resolver to ensure we never set AD bit for zones signed using MD5.
Right now.

Petr Špaček  @  CZ.NIC