[DNSOP] SHA-1 chosen prefix collisions and DNSSEC

2020-01-09 Thread Tony Finch
I have written a blog post with my understanding of the implications of the SHAmbles attack for DNSSEC. https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html Conclusions from the article: Whenever a DNS zone is signed with a SHA-1 DNSKEY algorithm it is vulnerable to chosen prefix

Re: [DNSOP] DNS stamps

2020-01-09 Thread Vladimír Čunát
On 1/9/20 6:37 PM, Ted Lemon wrote: > On Jan 9, 2020, at 9:21 AM, Vladimír Čunát > wrote: >> Depends what you'd want from the stamps. > If the stamps make assertions about what service is offered, I’d want > that to be verifiable.  [...] I'd personally have

Re: [DNSOP] DNS stamps

2020-01-09 Thread Ted Lemon
On Jan 9, 2020, at 9:21 AM, Vladimír Čunát wrote: > Depends what you'd want from the stamps. If the stamps make assertions about what service is offered, I’d want that to be verifiable. Otherwise, I can send you a stamp that makes promises I don’t intend to keep, and there’s no signature on

Re: [DNSOP] DNS stamps

2020-01-09 Thread Vladimír Čunát
These stamps do contain interesting ideas, I believe. On 1/9/20 5:13 PM, Ted Lemon wrote: > In order for this to actually be useful, two things would be required. > > 1. The assertions about resolver behavior (e.g., logging, etc) would > have to be signed > [...] Depends what you'd want from the

Re: [DNSOP] DNS stamps

2020-01-09 Thread Ted Lemon
On Jan 9, 2020, at 6:35 AM, Stephane Bortzmeyer wrote: > Could be useful specially for secure and public resolvers, may be > worth of some IETF work? In order for this to actually be useful, two things would be required. 1. The assertions about resolver behavior (e.g., logging, etc) would have

[DNSOP] DNS stamps

2020-01-09 Thread Stephane Bortzmeyer
Could be useful specially for secure and public resolvers, may be worth of some IETF work? https://github.com/DNSCrypt/dnscrypt-proxy/wiki/stamps