Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
Mark Andrews <marka@isc.org> Thu, 06 December 2018 21:19 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18DB51311CD for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 13:19:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wNnsf8d96XQq for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 13:19:21 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EFDB1311CA for <dnsop@ietf.org>; Thu, 6 Dec 2018 13:19:20 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id B70AC3AB003 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 9700A160048 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 86F7016007B for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iEWzfSxYkD1o for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id F1CC9160048 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:19 +0000 (UTC)
From: Mark Andrews <marka@isc.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 07 Dec 2018 08:19:17 +1100
References: <20181201195126.GK4122@straasha.imrryr.org> <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org> <20181205221417.GW79754@straasha.imrryr.org> <20181205235455.GY79754@straasha.imrryr.org> <20181206132655.lngnprkmv7wckv4b@nic.cl> <20181206205942.GA79754@straasha.imrryr.org>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <20181206205942.GA79754@straasha.imrryr.org>
Message-Id: <D9DF8033-5491-4A47-ACCF-60573DF83327@isc.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/faLqZmygW4tYr9jeHUNwEl2MkOU>
Subject: Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 21:19:23 -0000
> On 7 Dec 2018, at 7:59 am, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > > On Thu, Dec 06, 2018 at 10:26:55AM -0300, Hugo Salgado-Hernández wrote: > >> On 18:54 05/12, Viktor Dukhovni wrote: >>> No idea why people would just "make up" (non-)random DS records for >>> their domains, but for some reason some do. These made-up DS RRs >> >> Could it be a bad (or nonexistent) validation in user input? >> >> I've seen customers putting hostnames, google validation tokens >> and even ftp passwords in DS fields. > > Well, the questionable values are well formed, they just have a > surprising "entropy deficit", which one would not expect in a SHA-1 > or SHA256 output. So syntactic input validation is unlikely to > catch this. > > To prevent crappy DS records, the registrar or registry would need > to check that the zone contains a matching key (matching key tag > and hash value) before publishing the DS record. In the examples > I posted, it seems clear that the values were accepted as-is, > without confirmation via the zone's DNSKEY RRset. > > IIRC some registrars don't support direct input of DS records, > rather they accept DNSKEY RRs, and compute the DS. That would > preclude some of the more creative junk values. Of course one can > still upload a junk RSA key. Junk keys are a bit more difficult > with ECDSA and EdDSA because keys have a fixed size and can be > validated as for correctness, here the worst one can do is use a > public key with a well known (example) or already leaked private > key. Well if registries don’t care about checking NS and GLUE records for consistency why would they check DS/DNSKEY pairs? Garbage in - garbage out. Mark > -- > Viktor. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] Time to update RSAMD5 and perhaps DSA (al… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Paul Wouters
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Ondřej Surý
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Hugo Salgado-Hernández
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Viktor Dukhovni
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Mark Andrews
- Re: [DNSOP] Time to update RSAMD5 and perhaps DSA… Patrick Mevzek