On Thu, Jan 23, 2020 at 12:12:15AM +0000, Tony Finch wrote:

> By default dnssec-cds copies CDS records to make DS records, and the
> question of SHA-256 or something else only arose when it was asked to turn
> CDNSKEY records into DS records. But if the CDS records are generated by
> some ancient code from before the dawn of time, such as BIND 9.14 on my
> production servers, there will be SHA-1 CDS records which will be copied
> to the DS records. Sadface, RFC 8624 protocol violation.
But SHA-1 is still quite safe as a DS digest type; the problematic use is SHA-1 RRSIGs. In the context of DS RRs, only 2nd-preimage attacks matter, and the prospect of those *even against MD5* is still remote. Which is not to say that one should continue to use SHA-1 in DS RRs, but there is little risk in doing so for the foreseeable future.

-- 
Viktor.

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
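To make the distinction in this exchange concrete (a DS digest type versus a signature hash, and what the RFC 8624 "MUST NOT" for digest type 1 means for a CDS-to-DS copy), here is an added example, not code from the thread, BIND, or dnssec-cds. It computes DS records from DNSKEY RDATA exactly as RFC 4034 specifies (key tag from Appendix B, digest over the canonical owner name followed by the RDATA), and shows a policy step that refuses to copy a SHA-1 CDS record into the parent and instead regenerates a SHA-256 DS from the matching CDNSKEY. The zone name, key bytes and the `cds_to_ds` policy function are constructed for illustration; the 64-byte key is not a real ECDSA public key.

```python
"""Build DS records from (C)DNSKEY RDATA and apply the RFC 8624 digest policy.

Added example, not code from the dns-operations thread, BIND or dnssec-cds.
All input values below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass

# RFC 8624 section 3.3: DS digest type 1 (SHA-1) MUST NOT be used when
# generating delegations; type 2 (SHA-256) is the mandatory baseline.
DIGEST_SHA1 = 1
DIGEST_SHA256 = 2
DIGEST_NAMES = {DIGEST_SHA1: "sha1", DIGEST_SHA256: "sha256"}


@dataclass(frozen=True)
class DNSKEY:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    def rdata(self) -> bytes:
        # DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm])
                + self.public_key)

    def key_tag(self) -> int:
        # RFC 4034 Appendix B: 16-bit sum over RDATA, even bytes weighted << 8,
        # with the carry folded back in.
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += (b << 8) if i % 2 == 0 else b
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: str  # lowercase hex, as printed in zone files


def owner_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2): lowercase labels."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def make_ds(owner: str, key: DNSKEY, digest_type: int) -> DS:
    """DS digest = hash(owner name wire || DNSKEY RDATA), RFC 4034 section 5.1.4."""
    h = hashlib.new(DIGEST_NAMES[digest_type])
    h.update(owner_wire(owner) + key.rdata())
    return DS(key.key_tag(), key.algorithm, digest_type, h.hexdigest())


def cds_to_ds(owner: str, cds: list, cdnskey: list):
    """Copy child CDS records into a parent DS set, enforcing RFC 8624.

    Constructed policy (not dnssec-cds behaviour): a SHA-1 CDS record is never
    copied. If a CDNSKEY with the same key tag and algorithm is published, a
    SHA-256 DS is regenerated from it; otherwise the record is dropped.
    Returns (accepted DS records, human-readable notes about rejected ones).
    """
    accepted, notes = [], []
    keys = {(k.key_tag(), k.algorithm): k for k in cdnskey}
    for ds in cds:
        if ds.digest_type != DIGEST_SHA1:
            accepted.append(ds)
            continue
        key = keys.get((ds.key_tag, ds.algorithm))
        if key is None:
            notes.append(f"dropped SHA-1 DS for key tag {ds.key_tag}: "
                         "digest type 1 violates RFC 8624, no CDNSKEY to regenerate from")
            continue
        accepted.append(make_ds(owner, key, DIGEST_SHA256))
        notes.append(f"replaced SHA-1 DS for key tag {ds.key_tag} with SHA-256 from CDNSKEY")
    return accepted, notes


# Constructed KSK: flags 257 (SEP), protocol 3, algorithm 13; key bytes are a
# placeholder pattern, not a real ECDSA P-256 public key.
EXAMPLE_ZONE = "example.com."
EXAMPLE_KSK = DNSKEY(flags=257, protocol=3, algorithm=13, public_key=bytes(range(64)))

if __name__ == "__main__":
    legacy_cds = [make_ds(EXAMPLE_ZONE, EXAMPLE_KSK, DIGEST_SHA1)]  # what old code would publish
    ds_set, log = cds_to_ds(EXAMPLE_ZONE, legacy_cds, [EXAMPLE_KSK])
    for ds in ds_set:
        print(f"{EXAMPLE_ZONE} IN DS {ds.key_tag} {ds.algorithm} {ds.digest_type} {ds.digest}")
    for line in log:
        print("#", line)
```

The example separates the two questions in the thread: `make_ds` shows that the DS digest is a plain hash of public data, so an attacker would need a second preimage of a fixed input (the weakness Viktor describes as remote even for MD5), while `cds_to_ds` shows what a parent-side tool needs to do to stay within RFC 8624 when a child still publishes digest type 1 CDS records.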