[dns-operations] DNSSEC: state of it / italy

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Jul 22 15:28:31 UTC 2024 

On Mon, Jul 22, 2024 at 11:58:03AM +0100, John Dickinson wrote:

> > The TLD .it is signed with Algorithm 10 / RSASHA512.
> > (https://dnsviz.net/d/it/Zp348A/dnssec/)
> > RFC 8624 say, RSASHA512 is NOT RECOMMENDED. Does anybody know if .it
> > will change it's algorithm some day?
> 
> The table in RFC8624 is about implementation recommendations not which
> algorithm you use for signing.

Well, I read the column headings as precisely about what to use for
signing or verification, the word "implementation" in the first
paragraph looks suboptimal, because the table contains operational
practice advice, more so than software implementation support.

   https://datatracker.ietf.org/doc/html/rfc8624#section-3.1

   +--------+--------------------+-----------------+-------------------+
   | Number | Mnemonics          | DNSSEC Signing  | DNSSEC Validation |
   +--------+--------------------+-----------------+-------------------+
   | 1      | RSAMD5             | MUST NOT        | MUST NOT          |
   | 3      | DSA                | MUST NOT        | MUST NOT          |
   | 5      | RSASHA1            | NOT RECOMMENDED | MUST              |
   | 6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT          |
   | 7      | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | MUST              |
   | 8      | RSASHA256          | MUST            | MUST              |
   | 10     | RSASHA512          | NOT RECOMMENDED | MUST              |
   | 12     | ECC-GOST           | MUST NOT        | MAY               |
   | 13     | ECDSAP256SHA256    | MUST            | MUST              |
   | 14     | ECDSAP384SHA384    | MAY             | RECOMMENDED       |
   | 15     | ED25519            | RECOMMENDED     | RECOMMENDED       |
   | 16     | ED448              | MAY             | RECOMMENDED       |
   +--------+--------------------+-----------------+-------------------+

> However, I agree that with RSASHA512 is not such a great idea as the RFC
> slightly confusingly explains at the bottom of page 5:
> 
>   "RSASHA512 is NOT RECOMMENDED for DNSSEC signing because it has not
>    seen wide deployment, but there are some deployments; hence, DNSSEC
>    validation MUST implement RSASHA512 to ensure interoperability.
>    There is no significant difference in cryptographic strength between
>    RSASHA512 and RSASHA256; therefore, use of RSASHA512 is discouraged
>    as it will only make deprecation of older algorithms harder.  People
>    who wish to use a cryptographically stronger algorithm should switch
>    to elliptic curve cryptography algorithms."
> 
> I would change the first sentence of that to say signers not signing.
> 
> While I would encourage .it to switch to Alg. 13, I would be a lot more
> worried by the UDP errors flagged by DNSViz.

To this I'd add there are 32 TLDs signed with algorithm 10:

     alstom barcelona bauhaus bcn cat cologne erni eurovision eus gal
     gmx gw ifm it koeln lacaixa madrid man mango nrw quebec radio ruhr
     sap scot seat sport swiss vu xn--80asehdb xn--80aswg xn--mgbab2bd

And that algorithm 10 is widely supported by resolvers (per the MUST in
the table's "Validation" column), even though not recommended for signing.

So while the TLDs in question should switch to 8 or 13, they're likely
to see more risk in performing a rollover than in sticking with a
deprecated algorithm. :-(

-- 
    Viktor.

More information about the dns-operations mailing list