Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

Mark Andrews <marka@isc.org> Thu, 06 December 2018 21:19 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18DB51311CD for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 13:19:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wNnsf8d96XQq for <dnsop@ietfa.amsl.com>; Thu, 6 Dec 2018 13:19:21 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EFDB1311CA for <dnsop@ietf.org>; Thu, 6 Dec 2018 13:19:20 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id B70AC3AB003 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 9700A160048 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 86F7016007B for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iEWzfSxYkD1o for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:20 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id F1CC9160048 for <dnsop@ietf.org>; Thu, 6 Dec 2018 21:19:19 +0000 (UTC)
From: Mark Andrews <marka@isc.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 7 Dec 2018 08:19:17 +1100
References: <20181201195126.GK4122@straasha.imrryr.org> <A30290FE-DED7-46BD-B07B-7E795F6B3334@isc.org> <20181205221417.GW79754@straasha.imrryr.org> <20181205235455.GY79754@straasha.imrryr.org> <20181206132655.lngnprkmv7wckv4b@nic.cl> <20181206205942.GA79754@straasha.imrryr.org>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <20181206205942.GA79754@straasha.imrryr.org>
Message-Id: <D9DF8033-5491-4A47-ACCF-60573DF83327@isc.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/faLqZmygW4tYr9jeHUNwEl2MkOU>
Subject: Re: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 21:19:23 -0000

> On 7 Dec 2018, at 7:59 am, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Thu, Dec 06, 2018 at 10:26:55AM -0300, Hugo Salgado-Hernández wrote:
> 
>> On 18:54 05/12, Viktor Dukhovni wrote:
>>> No idea why people would just "make up" (non-)random DS records for
>>> their domains, but for some reason some do.  These made-up DS RRs
>> 
>> Could it be a bad (or nonexistent) validation in user input?
>> 
>> I've seen customers putting hostnames, google validation tokens
>> and even ftp passwords in DS fields.
> 
> Well, the questionable values are well formed, they just have a
> surprising "entropy deficit", which one would not expect in a SHA-1
> or SHA256 output.  So syntactic input validation is unlikely to
> catch this.
> 
> To prevent crappy DS records, the registrar or registry would need
> to check that the zone contains a matching key (matching key tag
> and hash value) before publishing the DS record.  In the examples
> I posted, it seems clear that the values were accepted as-is,
> without confirmation via the zone's DNSKEY RRset.
> 
> IIRC some registrars don't support direct input of DS records,
> rather they accept DNSKEY RRs, and compute the DS.  That would
> preclude some of the more creative junk values.  Of course one can
> still upload a junk RSA key.  Junk keys are a bit more difficult
> with ECDSA and EdDSA because keys have a fixed size and can be
> validated as for correctness, here the worst one can do is use a
> public key with a well known (example) or already leaked private
> key.

Well if registries don’t care about checking NS and GLUE records
for consistency why would they check DS/DNSKEY pairs?

Garbage in - garbage out.

Mark

> -- 
> 	Viktor.
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org