On Mon, Dec 20, 2021 at 10:42 PM Paul Hoffman <paul.hoff...@icann.org> wrote: > On Dec 20, 2021, at 6:57 PM, Mark Andrews <ma...@isc.org> wrote: > > Isn’t it about time we updated DH support in DNS to not use MD5? Currently > > there is > > no FIPS compatible DH key exchange in DNS. I suspect it would be > > relatively straight > > forward by defining a new TKEY mode which does DH w/o using MD5. > > If I read RFC 2930 correctly, there is no way to create new modes for TKEY. > MD5 is baked into the TKEY RRtype, it seems. You would have to create a new > RRtype which is similar to TKEY but has a different key exchange mechanism.
I don't know why you think this. Maybe I should write a draft adding a new TKEY mode using DH and some less primitive crypto than MD5. Presumably that exercise would provide some information about which of us is correct :-) Thanks, Donald (author of RFC 2930) =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e...@gmail.com > ...and, at that point, you could just re-use any of the dozen or so key > exchange mechanisms already standardized in the IETF. Said another way, if > you try to put TKEYbis on standards track, it might get pecked to death > because key exchange has come a long way in 30 years. > > Your note about that there is no FIPS-compliant way to do TSIG is correct. > Having said that, its use of hashes in the key material relies on the > preimage resistance of the hash, not the collision resistance. It still works > fine, and is likely secure, it just just feels unclean. > > --Paul Hoffman_______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop