[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q2: crypto algorithm requirements for DNSSEC

To: "Scott Rose" <scottr@nist.gov>
Subject: Re: Q2: crypto algorithm requirements for DNSSEC
From: Mark.Andrews@isc.org
Date: Wed, 12 Feb 2003 07:31:16 +1100
Cc: namedroppers@ops.ietf.org
In-reply-to: Your message of "Tue, 11 Feb 2003 07:40:23 CDT." <008801c2d1ca$bf14de10$b9370681@barnacle>

> There have been previous updates to the requirement levels of the
> cryptographic algorithms for DNSSEC (RFC 3110 updating RFC2535 for example).
> There has been previous talk on this list regarding dropping DSA as a
> mandatory to implement algorithm.  Instead of writing a whole RFC just to
> propose making DSA optional and RSA/SHA1 the only required algorithm, it
> would be nice to seek consensus here.
> 
> In other words, the new algorithm table from 2535 and 3110 would look like:
> 
> code            name
> 0                reserved
> 1                RSA/MD5        NOT RECOMMENDED
> 2                D-H                  OPTIONAL
> 3                DSA                 OPTIONAL
> 4                ECC(reserved)    OPTIONAL
> 5                RSA/SHA1        REQUIRED
> 6-251         available for assignment
> 252            indirect                OPTIONAL
> 253            private
> 254            private
> 255            reserved
> 
> 
> Q:  Is the change of DSA to OPTIONAL  acceptable?  That will leave only
> RSA/SHA1 as the only mandatory to implement algorithm.

	One of the purposes of two manditory protocols was to ensure
	that we could always have working DNSSEC in the event that
	a way to compromise a algorithm was found.  You could then
	switch off that algorithm and still have a secure system
	while another algorithm was deployed to replace the compromised
	one.  [ Yes, named is missing the switches to turn this off
	algorithms at runtime.  This will be addressed. ]

	This would remove the fallback solution and require massive
	quick redeployment of dnssec suites in the event of a
	compromise to RSA/SHA1.

	The down side of having two manditory algorithms is that
	you should be signing with both all the time otherwise when
	one is compromised you will have whole branches being
	isolated.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Q2: crypto algorithm requirements for DNSSEC
  - From: Rob Austein <sra+namedroppers@hactrn.net>

References:
- Q2: crypto algorithm requirements for DNSSEC
  - From: "Scott Rose" <scottr@nist.gov>

Prev by Date: Re: Q1: Should we allow name compression in the RDATA of DNSSEC RRs?
Next by Date: RE: Q2: crypto algorithm requirements for DNSSEC
Previous by thread: Re: Q2: crypto algorithm requirements for DNSSEC
Next by thread: Re: Q2: crypto algorithm requirements for DNSSEC
Index(es):
- Date
- Thread