On Tue, Jul 4, 2017 at 11:42 AM, Shumon Huque <shu...@gmail.com> wrote:
> Hi folks, > > We've posted a new draft on algorithm negotiation which we're hoping to > discuss at IETF99 (and on list of course). I've discussed this topic with > several folks at DNS-OARC recently. > > https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00 > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : Algorithm Negotiation in DNSSEC > Authors : Shumon Huque > Haya Shulman > Filename : draft-huque-dnssec-alg-nego-00.txt > Pages : 9 > Date : 2017-07-03 > > Abstract: > This document specifies a DNS extension that allows a DNS client to > specify a list of DNSSEC algorithms, in preference order, that the > client desires to use. A DNS server upon receipt of this extension > can choose to selectively respond with DNSSEC signatures using the > most preferred algorithm they support. This mechanism may make it > easier for DNS zone operators to support signing zone data > simultaneously with multiple DNSSEC algorithms, without significantly > increasing the size of DNS responses. It will also allow an easier > way to transition to new algorithms while still retaining support for > older DNS validators that do not yet support the new algorithms. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-huque-dnssec-alg-nego/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00 > https://datatracker.ietf.org/doc/html/draft-huque-dnssec-alg-nego-00 > > -- > Shumon Huque > > I like the idea. I am not an DNSSEC expert, but wondering in section 7, paragraph: In order to detect such attacks, the client SHOULD compare the zone signing algorithms listed in the zone's authenticated DNSKEY RRset, and the preferred list in the query that it sent, to the algorithms seen in the response signatures. If signatures by the most preferred algorithm they have in common have not been sent, this may indicate an algorithm downgrade attack. Can there be 'pre-pubished' DNSKEY's that are not used for signing yet, to would not be available for response signatures? And perhaps a really dumb off-topic question: I do not use DNSSEC yet, mostly due to time and effort, secondly due to concern over the additional size and processing. Is it possible for me to start with a new, rarely implemented, algorithm with shorter records, that most resolvers won't understand yet, and have those that don't understand it treat the zone as unsigned? Or will it break everything? (Section 5 sounds like it breaks) -- Bob Harold
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
