>The advise is split between producing SHA1 signatures and consuming SHA1 >signatures, and those timings do not have to be identical. > >That said, a number of OSes have already forced the issue by failing >SHA1 as cryptographic operation (RHEL, CentOS, Fedora, maybe more). So >right now, if you run DNSSEC with SHA1 (which includes NSEC3 using >SHA1), your validator might already return it as an insecure zone. > >I think a MUST NOT for signing with SHA1 is a no-brainer. The timing for >MAY on validation should be relatively short (eg 0-2 years?)
What worries me about the draft is the security section. I can understand the desire to get rid of old crypto, but as far as I can tell this draft will mostly decrease security. We can accept as given that it is easy to find collisions for SHA1. However, a second pre-image attack is way off in the future. >From that we can conclude that for any zone that is now signed using SHA1 and that does not have a risk of collision attacks (because the zone does not accept data controlled by third parties), this draft is a clear reduction of security. For a site that does have a risk of collision attacks the situation is less clear. Such a site should move away from using SHA1, but the recommendation for validators will still cause an immediate reduction of security. Looking at the signer part, this is not great either. Moving away from SHA1 requires an algorithm roll-over. DNSSEC is already quite fragile and algorithm rolls are worse. So there is a failure risk that is too big ignore. This draft requires zones that do not have a collision risk to move to a different algorithm, at a significant risk, but there is no increase in security. So that part is also a net negative for security. So it seems that we are asked to adopt a draft that will mostly reduce security, not increase it. There might be other arguments for adopting the draft, such a Redhat not validating signatures with SHA1 anymore. But those arguments are not mentioned in the draft. And if some companies from one country want to shoot themselves in the foot, does the rest of the world have to follow? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
