Re: DS Algorithm selection and SHA1 deprecation

[Alex Bligh <alex@alex.org.uk>]

--On 07 December 2005 08:34 -0500 Edward Lewis <Ed.Lewis@neustar.biz> wrote:

> I don't think it's right to make the phase out of SHA1 to stated goal.
> The goal is to define SHA256 as an alternative and document why it is
> better than SHA1 and why an operator (of DNS) ought to prefer to use
> SHA256 (given that SHA1 is already in play).

I guess my point is that provided validators continue accepting SHA1,
authoritative servers using SHA256 are still vulnerable to attack, by
spoofing SHA1 records if SHA-1 is broken. IE the operator will be helped
not be using SHA-256, but by the validator not accepting SHA-1. I
appreciate saying that validators MUST NOT / SHOULD NOT / "ought to think
about not" accepting SHA-1 may be too far a step to take, but it seems to
me that the point is not what happens on the authoritative server end, but
the validator end (imagine what would happen if validators accepted DS
records without any digest - and compare that to a totally broken SHA-1).

Alex

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>