Wes Hardaker <wjh...@hardakers.net> wrote:
>
> Because it's time...

Better late than never :-)

My draft from a couple of years ago describes some fun attacks you can
perform on DNSSEC if you can generate a hash collision. So I think SHA-1
ought to be MUST NOT for signing, and there should be a concerted effort
to get to the point where it can be deprecated for verification.

https://datatracker.ietf.org/doc/html/draft-fanf-dnsop-sha-ll-not

Appendix B. Timeline

   o  2005: Theoretical 2^63 attack on SHA-1 [Wang2005] [Cochran2007]

   o  2006: NIST starts to deprecate SHA-1 [NIST2006]

   o  2010: DNS root zone signed with RSASHA256 [ROOT-DNSSEC]

   o  2011: NIST formally deprecates SHA-1 for digital signatures, and
      disallows it after 2013 [NIST-SP800-131A] (section 3)

   o  2013: IETF recommends RSASHA1 for use in DNSSEC [RFC6944]

   o  2014: CA/Browser forum sunsets SHA-1 in X.509 WebPKI certificates
      after 2015 [CABforum2014]

   o  2015: Free-start collision demonstrated in SHA-1 [SHAppening]

   o  2017: Identical-prefix collision demonstrated in SHA-1 [SHAttered]

   o  2019: IETF partially deprecates SHA-1 for use in DNSSEC [RFC8624]

   o  2020: Chosen-prefix collision demonstrated in SHA-1 [SHA-mbles]

-- 
Tony Finch <d...@dotat.at> https://dotat.at/
Channel Islands: West to southwest 2 to 4, occasionally 5, locally
variable 1 to 3 at times south of Guernsey this afternoon and evening,
becoming generally southerly overnight. Smooth or slight. Occasional
showers, locally heavy and thundery mist and a risk of patches, mainly
in the north and west of the area at times. Good, occasionally moderate
to poor, perhaps locally very poor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
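The practical question behind the post above is whether a zone still depends on SHA-1 anywhere in its DNSSEC chain. The script below is an added example, not code from the draft or from the thread: it scans presentation-format DNSKEY, RRSIG and DS records for SHA-1 based algorithms (5, 7 and the DSA variants) and SHA-1 DS digests (digest type 1), and reports each one's signing and validation status as RFC 8624 currently tables it. Note the gap the post is arguing about: RFC 8624 rates RSASHA1 and RSASHA1-NSEC3-SHA1 as NOT RECOMMENDED for signing, not MUST NOT, so the script flags every SHA-1 use regardless of that status. The function names (audit_zone, sha1_report), the Finding record and the SAMPLE_ZONE lines are all this example's own; the sample zone is constructed and contains placeholder keys and signatures, not real material.

```python
"""
Audit a zone-file fragment for DNSSEC algorithms and DS digest types that
still depend on SHA-1, and report each one's status under RFC 8624.

Added example, not code from draft-fanf-dnsop-sha-ll-not or the DNSOP
thread. The status tables are transcribed from RFC 8624 sections 3.1 and
3.2; the sample zone lines are constructed and contain no real keys.
"""
from __future__ import annotations

from dataclasses import dataclass

# RFC 8624 section 3.1: DNSKEY algorithm -> (mnemonic, signing, validation)
DNSKEY_ALGORITHMS = {
    1: ("RSAMD5", "MUST NOT", "MUST NOT"),
    3: ("DSA", "MUST NOT", "MUST NOT"),
    5: ("RSASHA1", "NOT RECOMMENDED", "MUST"),
    6: ("DSA-NSEC3-SHA1", "MUST NOT", "MUST NOT"),
    7: ("RSASHA1-NSEC3-SHA1", "NOT RECOMMENDED", "MUST"),
    8: ("RSASHA256", "MUST", "MUST"),
    10: ("RSASHA512", "NOT RECOMMENDED", "MUST"),
    12: ("ECC-GOST", "MUST NOT", "MAY"),
    13: ("ECDSAP256SHA256", "MUST", "MUST"),
    14: ("ECDSAP384SHA384", "MAY", "RECOMMENDED"),
    15: ("ED25519", "RECOMMENDED", "RECOMMENDED"),
    16: ("ED448", "MAY", "RECOMMENDED"),
}
# RFC 8624 section 3.2: DS digest type -> (mnemonic, DS generation, validation)
DS_DIGEST_TYPES = {
    1: ("SHA-1", "MUST NOT", "MUST"),
    2: ("SHA-256", "MUST", "MUST"),
    3: ("GOST R 34.11-94", "MUST NOT", "MAY"),
    4: ("SHA-384", "MAY", "RECOMMENDED"),
}
# Algorithms whose signature hash is SHA-1: RSA/SHA-1 (5, 7) and the DSA
# variants (3, 6), which also hash with SHA-1 and are already MUST NOT.
SHA1_DNSKEY_ALGORITHMS = {3, 5, 6, 7}
SHA1_DS_DIGESTS = {1}


@dataclass(frozen=True)
class Finding:
    line: int
    owner: str
    what: str         # "DNSKEY", "RRSIG", "DS key algorithm" or "DS digest type"
    number: int
    mnemonic: str
    signing: str      # RFC 8624 status for signing (or DS generation)
    validation: str   # RFC 8624 status for validation
    sha1: bool        # True when the hash underneath is SHA-1


def _lookup(table: dict, number: int) -> tuple[str, str, str]:
    return table.get(number, (f"unassigned({number})", "unknown", "unknown"))


def _alg_finding(lineno: int, owner: str, what: str, alg: int) -> Finding:
    mnemonic, sign, val = _lookup(DNSKEY_ALGORITHMS, alg)
    return Finding(lineno, owner, what, alg, mnemonic, sign, val,
                   alg in SHA1_DNSKEY_ALGORITHMS)


def audit_zone(text: str) -> list[Finding]:
    """Scan presentation-format DNSKEY, RRSIG and DS records, one per line."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Strip comments and grouping parentheses, then split into fields.
        fields = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        if not fields:
            continue
        owner = fields[0]
        # TTL and class are optional in zone files, so locate the type token
        # instead of assuming a fixed column (skip the owner name itself).
        idx = next((i for i, f in enumerate(fields[1:], start=1)
                    if f.upper() in ("DNSKEY", "RRSIG", "DS")), None)
        if idx is None:
            continue
        rtype = fields[idx].upper()
        try:
            if rtype == "DNSKEY":
                # DNSKEY <flags> <protocol> <algorithm> <public key>
                findings.append(_alg_finding(lineno, owner, "DNSKEY", int(fields[idx + 3])))
            elif rtype == "RRSIG":
                # RRSIG <type covered> <algorithm> <labels> ...
                findings.append(_alg_finding(lineno, owner, "RRSIG", int(fields[idx + 2])))
            else:
                # DS <key tag> <algorithm> <digest type> <digest>
                alg, digest = int(fields[idx + 2]), int(fields[idx + 3])
                findings.append(_alg_finding(lineno, owner, "DS key algorithm", alg))
                mnemonic, gen, val = _lookup(DS_DIGEST_TYPES, digest)
                findings.append(Finding(lineno, owner, "DS digest type", digest,
                                        mnemonic, gen, val, digest in SHA1_DS_DIGESTS))
        except (IndexError, ValueError):
            # Truncated or non-numeric field: skip rather than misreport it.
            continue
    return findings


def sha1_report(text: str) -> list[str]:
    """One line per SHA-1 dependent record, suitable for failing a CI check."""
    return [f"line {f.line}: {f.owner} {f.what} {f.number} ({f.mnemonic}) "
            f"signing={f.signing} validation={f.validation}"
            for f in audit_zone(text) if f.sha1]


# Constructed sample: a zone still signed with RSASHA1-NSEC3-SHA1 next to an
# RSASHA256 key, plus two DS records at the parent for a child zone.
SAMPLE_ZONE = """\
; constructed fragment, not a real zone; keys and signatures are placeholders
example.test.       3600 IN DNSKEY 257 3 7 AwEAAbCdEfGhIjKlMnOpQrStUvWxYz==
example.test.       3600 IN DNSKEY 256 3 8 AwEAAzYxWvUtSrQpOnMlKjIhGfEdCbA==
example.test.       3600 IN RRSIG DNSKEY 7 2 3600 20240201000000 20240101000000 12345 example.test. c2lnMQ==
example.test.       3600 IN RRSIG SOA 8 2 3600 20240201000000 20240101000000 54321 example.test. c2lnMg==
child.example.test. 3600 IN DS 12345 7 1 0123456789ABCDEF0123456789ABCDEF01234567
child.example.test. 3600 IN DS 12345 7 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    for line in sha1_report(SAMPLE_ZONE):
        print(line)
```

Run it against the text output of a signed zone or of `dig +dnssec` answers; it expects one record per line (parentheses are stripped but multi-line records are not joined), and it deliberately skips malformed lines instead of guessing. A DS record produces two findings, one for the key algorithm and one for the digest type, because either can be the SHA-1 dependency: a DS with digest type 2 over an algorithm 7 key is still a SHA-1 signing chain.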