It appears that <jab...@strandkip.nl> said: >There are other reasons to deprecate SHA-1 in DNSSEC than mathematical concern >about the use of that particular digest algorithm in the protocol. Problems >with >SHA-1 definitively exist in other places, in protocols that are in much more >widespread use than DNSSEC. For example, a message that says "stop using SHA-1" >might be more effective at fixing TLS implementations than a message that says >"stop using SHA-1 unless you are using it in one of the following ways, in >which >case it's totally fine". From the perspective of DNSSEC, "stop using SHA-1" >might be a much more effective message to communicate at the same time that >everybody >else is saying it than ten years later. > >On the other hand, I have not seen any particularly compelling argument that >MUST NOTting SHA-1 will cause the sky to fall. A handful of responses signed by >people who are not paying attention will stop being validated. Security and >not paying attention are usually related, and not in a good way.
I see this as a strong argument for a document saying that servers MUST NOT sign with SHA1. But until we see a lot more plausible story about how one might get a collision on a useful name, telling people to stop accepting them seems like a self-inflicted wound. We all know the people at IANA who run .INT. If we can't persuade them that this has becomes a problem that needs to be fixed, how urgent is it likely to be? R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
