I have written a blog post with my understanding of the implications of the
SHAmbles attack for DNSSEC.
https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html
Conclusions from the article:
Whenever a DNS zone is signed with a SHA-1 DNSKEY algorithm it is vulnerable to
chosen prefix collision attacks. This is a problem when a zone accepts updates
from multiple parties, such as:
TLDs
enterprises
hosting providers
It is also a problem when a key is re-used by multiple zones.
Zones using algorithm numbers 7 or less should be upgraded. The recommended
algorithms are 13 (ECDSAP256SHA256) or 8 (RSASHA256, with 2048 bit keys).
For extra protection against chosen prefix collision attacks, zones should not
share keys, and they should have separate ZSKs and KSKs.
DNSSEC zone signing software should provide extra protection against chosen
prefix collisions by adding more randomness to the inception and expiration
times in RRSIG records.
Software implementing CDNSKEY and CDS checks must ensure that the records are
properly signed by a KSK, not just a ZSK.
Top-level domain registry software must not accept over-sized DS records.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
