On Fri, 10 Jan 2020 at 08:08, Matthew Pounsett <[email protected]> wrote:
> On Thu, 9 Jan 2020 at 20:47, Tony Finch <[email protected]> wrote:
>
>> I saw the Eurocrypt SHA-1 chosen-prefix attack last year but I didn't
>> think about the consequences. As soon as I saw the SHAmbles announcement I
>> realised what it actually meant and that DNSSEC was in serious trouble.
>
> What are the implications for NSEC3, given that both (current) algorithm
> numbers rely on SHA-1?

Never mind.. a split thread meant the answer to my question was further down in my inbox.

So an attack against a TLD using NSEC3 is logistically difficult, but it's not impossible.. so I guess we'd better get on with standardizing RSASHA256-NSEC3-SHA256. There are a LOT of TLDs—particularly CC's—using algo 7.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
