On Apr 29, 2024, at 13:00, Paul Wouters <p...@nohats.ca> wrote: > That said, a number of OSes have already forced the issue by failing > SHA1 as cryptographic operation (RHEL, CentOS, Fedora, maybe more). So > right now, if you run DNSSEC with SHA1 (which includes NSEC3 using > SHA1), your validator might already return it as an insecure zone.
If the purpose of deprecating validation that involves SHA-1 is the decision by RedHat to make that entire section of the DNS insecure, the documents should say that explicitly. Conflating the pre-image weaknesses of SHA-1 and actual useful attacks on DNSSEC, and then using that conflation as the reason for the WG adopting these documents, is not useful. --Paul Hoffman (And, if anyone believes that collision reduction attacks on a hash are likely to lead to preimage reduction attacks, please look at the literature about MD5. The collision resistance has been massively reduced, and there is still zero preimage reduction after almost 20 years.) _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop