Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06

Warren Kumari <warren@kumari.net> Tue, 21 January 2020 20:47 UTC

From: Warren Kumari <warren@kumari.net>
Date: Tue, 21 Jan 2020 15:46:41 -0500
Message-ID: <CAHw9_iKC06_5enbTHb2Q3EUSDGgArZ43xvDEaT5Ft6jWcnXArA@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: Magnus Nyström <magnusn@gmail.com>, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-rfc2845bis@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/q0DQQZ-XBT4cx0HHiV4VU6bPpyQ>
Subject: Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06

On Tue, Jan 21, 2020 at 12:31 PM Tony Finch <dot@dotat.at> wrote:
>
> Warren Kumari <warren@kumari.net> wrote:
> >
> > I don't think that it is realistic to deprecate SHA-1 in TSIG for the
> > foreseeable future, but stronger recommendations about moving to
> > SHA-256 might be in order.
>
> Yes.
>
> > There is already some text:
>
> For context, the preceding paragraph says:
>
>    The only message digest algorithm specified in the first version of
>    these specifications [RFC2845] was "HMAC-MD5" (see [RFC1321],
>    [RFC2104]).  Although a review of its security [RFC6151] concluded
>    that "it may not be urgent to remove HMAC-MD5 from the existing
>    protocols", with the availability of more secure alternatives the
>    opportunity has been taken to make the implementation of this
>    algorithm optional.
>
> >    The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as
> >    compared to the 128 bits for MD5), and additional hash algorithms in
> >    the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384,
> >    and 512 bits may be preferred in some cases.  This is because
> >    increasingly successful cryptanalytic attacks are being made on the
> >    shorter hashes.
>
> I think the quoted paragraph should say something like:
>
>    [RFC4635] added mandatory support in TSIG for SHA-1 [FIPS180-4],
>    [RFC3174]. SHA-1 collisions have been demonstrated so the MD5
>    security considerations apply to SHA-1 in a similar manner.
>
>    Although support for hmac-sha1 in TSIG is still mandatory for
>    compatibility reasons, existing uses should be replaced with
>    hmac-sha256 or other SHA-2 digest algorithms [FIPS180-4], [RFC3874],
>    [RFC6234].
>
> Tony.


Oooh. I like it - that seems to address both my, and (presumably!)
Magnus' concerns -- anyone object / have any additions?

W

> --
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> German Bight: West veering northwest 4 or 5. Slight or moderate. Occasional
> drizzle. Good, occasionally poor.



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
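
Added example, not part of the original message or of the draft: one way to find the "existing uses" of hmac-sha1 and HMAC-MD5 that the proposed text says should be replaced, by auditing TSIG key statements in a name server configuration. It assumes BIND-style `key "name" { algorithm ...; secret "..."; };` syntax and treats a `-<bits>` suffix as a truncated variant of the base algorithm; the sample configuration, key names and secrets are constructed.

```python
import re

# Classification follows the replacement text proposed in the thread:
# HMAC-MD5 and hmac-sha1 are legacy, SHA-2 HMACs are the migration target.
LEGACY = {"hmac-md5", "hmac-md5.sig-alg.reg.int", "hmac-sha1"}
SHA2 = {"hmac-sha224", "hmac-sha256", "hmac-sha384", "hmac-sha512"}

KEY_RE = re.compile(r'(?<![\w-])key\s+"?([^\s"{]+)"?\s*\{(.*?)\}\s*;', re.S)
ALG_RE = re.compile(r'algorithm\s+"?([A-Za-z0-9.\-]+)"?\s*;')
# Quoted strings are matched first so "//" or "#" inside a secret survives.
SKIP_RE = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)

def strip_comments(text):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return SKIP_RE.sub(keep, text)

def audit_tsig_keys(conf_text):
    """Return (key_name, algorithm, verdict) for each key statement."""
    findings = []
    for name, body in KEY_RE.findall(strip_comments(conf_text)):
        m = ALG_RE.search(body)
        alg = m.group(1).lower().rstrip(".") if m else None
        # Assumption: a "-<bits>" suffix requests a truncated MAC.
        base = re.sub(r"-\d+$", "", alg) if alg else None
        if base in LEGACY:
            verdict = "replace"
        elif base in SHA2:
            verdict = "ok"
        else:
            verdict = "unknown"
        findings.append((name, alg, verdict))
    return findings

# Constructed sample configuration; names and secrets are placeholders.
SAMPLE_CONF = '''
// constructed sample
key "xfr-primary" { algorithm hmac-sha256; secret "c2FtcGxl//8="; };
key "ddns-legacy" {
    algorithm hmac-sha1;
    secret "bm90LWEtcmVhbC1rZXk=";
};
# key "retired" { algorithm hmac-md5; secret "bm90LXJlYWw="; };
key local-md5 { algorithm HMAC-MD5.SIG-ALG.REG.INT; secret "bm90LXJlYWw="; };
key "trunc" { algorithm hmac-sha1-80; secret "bm90LXJlYWw="; };
'''

if __name__ == "__main__":
    for name, alg, verdict in audit_tsig_keys(SAMPLE_CONF):
        print(f"{verdict:8} {name:12} {alg}")
```

Keys reported as "replace" need a new hmac-sha256 (or other SHA-2) key provisioned on both ends before the old key statement is removed, since TSIG keys are shared secrets.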