See our I-D on lifecycle. It addresses this issue squarely. I'm about to to dinner and can't fill in the details. I'll do so later if someone hasn't already.
Steve Sent by a Verified sender On Wed, Nov 13, 2024 at 7:04 PM Philip Homburg <pch-dnso...@u-1.phicoh.com> wrote: > >Tony Finch has correctly identified in SHA-1 chosen prefix collisions > >and DNSSEC [3] article that when a single record is usually safe, > >multiple records might allow creating fake signature even in DNSSEC. > > There are two types of attacks on hash functions: collisions and second > pre-image attacks. > > There is no practical 2nd pre-image attack for SHA-1, so we can concentrate > on collision attacks. A collision attack requires that the victim to > accepts malcious data from an attacker > > There are many, proably even the majority of DNSSEC signed domains, > where this is not an issue. Attackers cannot influence the contents of a > zone. In those cases, using SHA-1 is secure. > > Obviously we need to move away from SHA-1 as fast as possible. But we do > those domains a disservice if we treat them as insecure. In > particular, DANE will stop working if a domain is considered insecure. > > We already see the operational impact. People with RedHat systems notice > that DANE suddenly stops working. They have no clue where is coming from, > they just see that unbound doesn't set the AD bit. > > The solution should be that RedHat provides a way to link with a different > crypto library that does support RSASHA1. > > > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-le...@ietf.org >
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
