Hi Masataka, Thank you for your useful inputs.
> While this is, in theory, a known vulnerability, it is still surprising that > USG > actively used it. > > Mocana Purges NSA-Compromised Key-Generation Scheme from Its Popular > Nanocrypto Embedded Security Engine > http://www.businesswire.com/news/home/20131016005500/en > SAN FRANCISCO--(BUSINESS WIRE)--Mocana, the app security leader, issued > a security advisory and announced an update to its NanoCrypto™ embedded > security engine software > (www.mocana.com/nanocrypto) that removes the Dual Elliptic Curve > Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm, an > algorithm that was previously promoted as a cryptographically secure key > generation method by the National Institute of Standards and Technology > (NIST). Mocana’s action is the result of recent Edward Snowden document > revelations that the Dual_EC_DRBG algorithm contains a vulnerability that > likely enables US intelligence agencies to easily decrypt communications > protected with the algorithm. The algorithm was designated as a standard > (SP 800-90A) by NIST in 2006, at least in part because of endorsement and > promotion by the NSA. > Since hash functions are used in DNSSEC (NSEC3), I have a section about the evaluation of hash functions (SHA1,...). But I guess what you mentioned here is really important. So, do you think it is useful only to focus on the algorithms used in DNS or just explain the known/found vulnerabilities of all cryptographic algorithms because maybe for encryption/decryption they might be used in future/ or are using? Do you think it will be relevant to this document or it can be another informational document only discuss about the vulnerabilities of cryptographic algorithms? Thanks again -----------smile---------- Hosnieh … success is a journey, not a destination…. You cannot change your destination overnight, but you can change your direction ... Focus on the journey _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
