Re: [secdir] secdir review of draft-ietf-dnsext-dnssec-alg-allocation-02

Andrew Sullivan <> Tue, 02 March 2010 23:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E905F28C2A7; Tue, 2 Mar 2010 15:12:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.599
X-Spam-Status: No, score=-1.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1Ir74c8ugzR4; Tue, 2 Mar 2010 15:12:16 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id A6FED28C25C; Tue, 2 Mar 2010 15:12:12 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id EE1ED1ECBC22; Tue, 2 Mar 2010 23:12:10 +0000 (UTC)
Date: Tue, 2 Mar 2010 18:12:04 -0500
From: Andrew Sullivan <>
To: Barry Leiba <>
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [secdir] secdir review of draft-ietf-dnsext-dnssec-alg-allocation-02
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Mar 2010 23:12:23 -0000

On Tue, Mar 02, 2010 at 03:42:24PM -0500, Barry Leiba wrote:
> > More importantly, I'm not sure there's actually a problem to solve
> > here.  Do we have a problem in other protocols where poor crypto
> > algorithms have won out over better-designed algorithms?
> Actually, we do -- not with "won out", so much as "got implemented",
> which then leaves a hole in the algorithm negotiation process.  HTTP
> clients and servers, for instance, often support long-broken versions
> of SSL, weak encryption algorithms, and too-short key lengths.  The
> result is that both clients and servers can be steered, in the
> negotiation process, toward use of weak crypto, which can then
> undermine the security of the transactions.

Hrm.  Well, in DNSSEC, there _is_ no algorithm negotiation process.
The client validates using the signatures that are published, or it
doesn't validate at all.  And remember that in the case of DNSSEC, we
have no reason (so far) to suppose that we'll get to the state where
validation is required.  Under the protocol, if you don't understand
the algorithm on the signature available to you (which could actually
be a subset of the signatures in the zone, due to the effects of
caches), you just treat the response as not secured.  So it's just
like the zone isn't signed. 

There's the additional factor that adding algorithms increases
response size, which increases transit cost for the zone operator.

Because there's no way to negotiate the algorithm and there's an
incentive to keep the number of algorithms in use small, we've had the
idea that validators are likely to converge on one or two good ones,
and tend to stay there.
> > We do in fact have a completely separate effort underway to update the
> > registry in order to allow certain kinds of indicators like this.  The
> > WG seemed to agree that these were separate problems and didn't want
> > to conflate them.  Does that other effort address your concern?
> Partially.  It depends upon how that work resolves the question of who
> gets to decide what values those indicators take.  If I can register
> the BBC algorithm (Barry's Broken Crypto), and give it soi-disant
> "highly recommended" status, then nothing's solved.  If someone *else*
> is responsible for controlling that field, then we're back to asking
> who the expert (or panel of) is.

The text of this draft currently explicitly notes that it doesn't
change the rules for making an algorithm mandatory to implement.
Since making an algorithm mandatory to implement would update 4034, I
therefore think that it would still require standards action, which
punts the whole business right back to the same process in place
today.  Does that make you less uneasy?



Andrew Sullivan
Shinkuro, Inc.