On Dec 20, 2021, at 6:57 PM, Mark Andrews <ma...@isc.org> wrote: > > Isn’t it about time we updated DH support in DNS to not use MD5? Currently > there is > no FIPS compatible DH key exchange in DNS. I suspect it would be relatively > straight > forward by defining a new TKEY mode which does DH w/o using MD5.
If I read RFC 2930 correctly, there is no way to create new modes for TKEY. MD5 is baked into the TKEY RRtype, it seems. You would have to create a new RRtype which is similar to TKEY but has a different key exchange mechanism. ...and, at that point, you could just re-use any of the dozen or so key exchange mechanisms already standardized in the IETF. Said another way, if you try to put TKEYbis on standards track, it might get pecked to death because key exchange has come a long way in 30 years. Your note about that there is no FIPS-compliant way to do TSIG is correct. Having said that, its use of hashes in the key material relies on the preimage resistance of the hash, not the collision resistance. It still works fine, and is likely secure, it just just feels unclean. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
