In article <alpine.lrh.2.21.1808021512160.1...@bofh.nohats.ca> you write:
>On Tue, 31 Jul 2018, Matt Larson wrote:
>
>> For all those reasons, I think a checksum in the zone file itself that can
>> be verified with DNSSEC is the best option for this use case, and I like the
>> ZONEMD solution.
>
>Note that the checksum in this case must be at least as
>cryptographically strong as the signature algorithm used
>in the individual RRSIGs/DNSKEYs. This would have to be
>enforced by software/RFC to prevent a downgrade attack.

As someone else pointed out, this would be a second-preimage attack. As far as I know, even the cruddy old hashes like MD5 and SHA-1 aren't subject to it. Could you explain in more detail what sort of downgrade attack you're thinking of?

R's,
John

PS: I have no objection to making a list of hash functions for ZONEMD that currently only includes SHA-256. I mean, why not?