On Tue, 28 Feb 2017, Roy Arends wrote:

> Since the last update of this draft, a full collision has been found.

> Do the authors intend to update the draft to state that SHA1 SHOULD NOT be used
> for DNSSEC signing (DNSKEY algorithm 5,6,7) and for DNSSEC Delegation (DS and
> CDS algorithm 1) ?

That seems a bit dramatic to this author :)

We can't stuff PDF prefixes into this; there are a lot fewer bytes
for an attacker to play with.

> Please also refrain from using MUST- SHOULD+ and SHOULD-.

For this SHA1 case or in general? I'd say we could update the DNSSEC
Signing entry from MUST- to SHOULD NOT but I would leave SHA1 for
DNSSEC validation at MUST-.

There is a need to move people away from SHA1, but I don't think this
specific attack changes anything with respect to DNSSEC.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop