> The ANRW talk "Protocol Fixes for KeyTrap Vulnerabilities" this afternoon by Elias Heftrig, Haya Schulmann, Niklas Vogel, Michael Waidner is proposing that there is a type roll for DS and DNSKEY.
>
> I don't think this is needed. The only change actually needed is to add a new requirement that says that new DNSKEY algorithms MUST have DNSKEY RRsets that do not have colliding key tags. Validators can then depend on this behaviour with new DNSKEY algorithms. The only question is do we add aliases for the existing key types.
I can see 3 problems with this approach:

1) We are only safe when the last algorithm that allows colliding keys has been deprecated. That may be many decades from now. We are nowhere near deprecating algorithms that use SHA-1.

2) Some operators expressed concerns about prohibiting colliding keys, especially in multi-signer setups, which would delay the deprecation of current algorithms.

3) My own analysis shows that for reasonable zones there is no need to tolerate more than 1 signature verification failure per RRset. So the gains are not all that high.