On Tue, Mar 18, 2014 at 10:26:47PM +1100, Mark Andrews wrote:
> This whole argument of weakest vs strongest was had years ago in
> DNSSEC and quite frankly is a waste of time trying to pick the
> strongest as you are often comparing apples and oranges.
The client ranks the algorithms by preference, in much the same
way that TLS ranks cipher-suites by preference and in TLSv1.2 even
signature algorithms by preference. It does not matter whether
the rankings are objectively justified. The client uses its most
preferred digest (perhaps it has hardware support for it).
> DNSSEC validators just have a way to say "we no longer trust this
> algorithm" and once that is set all records with that algorithm are
> ignored when doing validation regardless of whether there is code
> to support that algorithm or not.
If things are as you describe, this works poorly, since clients
continue to accept weak signatures on zones that have both strong
and weak signatures (RSA/SHA1 and RSA/SHA256) if the strong signature
fails to match the client trusts the weak, right?
It becomes difficult to phase out a weak algorithm because the
incentive to publish the strong along with the weak is reduced
as the benefit from doing so is delayed until clients actually
discontinue the weak algorithm.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
