Perhaps this could be added to things controlled by: harden-algo-downgrade: yes/no?
I don't think there's any security risk from using SHA1 for DS record verification even if SHA-2 is available. Ultimately, it's your call and decision. Cheers, -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu On Mon, Apr 10, 2017, at 15:10, W.C.A. Wijngaards via Unbound-users wrote: > Hi Ondrej, > > On 10/04/17 14:57, Ondřej Surý wrote: > > I see - the 31653 DS is only algo 1, but the other one is 1,2, but > > > > But RFC 4509 says: > > > > 3. Implementation Requirements > > > > Implementations MUST support the use of the SHA-256 algorithm in DS > > RRs. Validator implementations SHOULD ignore DS RRs containing SHA-1 > > digests if DS RRs with SHA-256 digests are present in the DS RRset. > > > > So perhaps Unbound is too strict here? There are no known usable > > attacks on SHA-1 for use in DNSSEC, so I don't think it's necessary to > > ignore it right _now_. > > But unbound clearly implements the SHOULD and thus should be > interoperable? That is what the 'SHOULD' is there for, right? > So, I am doing this because I think it is the standard. And I think so > should you. > > I didn't do this out of strictness, but out of trying to implement > exactly what the standard said. > > Best regards, Wouter > > > > > O. > > > > > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature)
