[dns-operations] [Ext] Re: help with a resolution
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Jan 10 18:04:48 UTC 2020
On Fri, Jan 10, 2020 at 08:08:51AM -0500, Matthew Pounsett wrote:
> > I saw the Eurocrypt SHA-1 chosen-prefix attack last year but I didn't
> > think about the consequences. As soon as I saw the SHAmbles announcement I
> > realised what it actually meant and that DNSSEC was in serious trouble.
>
> What are the implications for NSEC3, given that both (current) algorithm
> numbers rely on SHA-1?
None whatsoever. The use of SHA-1 in NSEC3 is not security relevant. It is
used to deter casual zone walking and nothing else. Any digest algorithm that
requires some computational effort to perform dictionary attacks to recover the
guessable input domain names is pretty much as good as any other.
SHA-1 has many advantages:
1. It is already implemented and deployed (this basically ends the discussion)
2. It is compact enough to fit in a base32 encoded label.
There is no need to replace SHA-1 in NSEC3, and doing so would do more harm
than good (another decade of deployment uncertainty).
--
Viktor.
More information about the dns-operations
mailing list