[DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 01 December 2018 19:51 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E13D2130E46 for <dnsop@ietfa.amsl.com>; Sat, 1 Dec 2018 11:51:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 5gmS5p9T_weN for <dnsop@ietfa.amsl.com>; Sat, 1 Dec 2018 11:51:29 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F322C130E35 for <dnsop@ietf.org>; Sat, 1 Dec 2018 11:51:28 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id C72E97E6A6; Sat, 1 Dec 2018 14:51:26 -0500 (EST)
Date: Sat, 1 Dec 2018 14:51:26 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dnsop@ietf.org
Message-ID: <20181201195126.GK4122@straasha.imrryr.org>
Reply-To: dnsop@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/l7kRWU8YeMG-A3fs80kchi9x8Yk>
Subject: [DNSOP] Time to update RSAMD5 and perhaps DSA (algs 1 and 3) to MUST NOT?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Dec 2018 19:51:31 -0000

The IANA DNSSEC parameter registry lists RSAMD5 (algorithm 1) as
deprecated, and refers to [RFC3110], [RFC4034] which state that


"Survey says" that RSAMD5 is not only deprecated, but is in fact
no longer used, by any of the ~9 million DNSSEC-delegated domains
I've been able to find on the public Internet:


It only has the effect of breaking two domains that have only RSAMD5
in the DS RRset, but have no DNSKEY RRs.  11 domains, have working
keys for algorithms 5, 7, 8 or 13 with a DS RRset that also lists
an orphaned algorithm 1 with no RSAMD5 keys at the zone apex.  A
further 18 domains have RSAMD5 DS RRs, but are simply out of service
even sans validation.

This suggests to me that the deprecation of RSAMD5 is a stunning
success, it is gone, and perhaps it is time to say so:

    * Authoritative zones SHOULD NOT publish RSAMD5 DS RRs or
      DNSKEY records.

    * Validating resolvers MUST ignore RSAMD5 DS RRs and DNSKEY
      RRs, and MUST treat any zones with only ignored or unsupported
      DS records as "insecure".

Perhaps we could be bolder and say the same for DSA (algorithm 3),
this too is largely gone, but there's a cluster of ~4700 ".me"
domains with DSA keys.  It is not clear that enabling those domains
to validate merits ongoing support for algorithm 3.  So we might
also add DSA to the list, encouraging resolver implementations to
drop support for both RSAMD5 and DSA.