On Mon, Dec 20, 2021 at 10:42 PM Paul Hoffman <paul.hoff...@icann.org> wrote:
> On Dec 20, 2021, at 6:57 PM, Mark Andrews <ma...@isc.org> wrote:
> > Isn’t it about time we updated DH support in DNS to not use MD5?  Currently 
> > there is
> > no FIPS compatible DH key exchange in DNS.  I suspect it would be 
> > relatively straight
> > forward by defining a new TKEY mode which does DH w/o using MD5.
>
> If I read RFC 2930 correctly, there is no way to create new modes for TKEY. 
> MD5 is baked into the TKEY RRtype, it seems. You would have to create a new 
> RRtype which is similar to TKEY but has a different key exchange mechanism.

I don't know why you think this. Maybe I should write a draft adding a
new TKEY mode using DH and some less primitive crypto than MD5.
Presumably that exercise would provide some information about which of
us is correct :-)

Thanks,
Donald (author of RFC 2930)
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e...@gmail.com

> ...and, at that point, you could just re-use any of the dozen or so key 
> exchange mechanisms already standardized in the IETF. Said another way, if 
> you try to put TKEYbis on standards track, it might get pecked to death 
> because key exchange has come a long way in 30 years.
>
> Your note about that there is no FIPS-compliant way to do TSIG is correct. 
> Having said that, its use of hashes in the key material relies on the 
> preimage resistance of the hash, not the collision resistance. It still works 
> fine, and is likely secure, it just just feels unclean.
>
> --Paul Hoffman_______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to