Deprecation notice for BIND 9.20+: TKEY Mode 2 (Diffie-Hellman Exchanged Keying)
Ondřej Surý
ondrej at isc.org
Tue Feb 28 15:30:45 UTC 2023
Hello,
in line with our deprecation policy, I am notifying the mailing list about our preliminary
intent to deprecate the TKEY Mode 2 - Diffie-Hellman Exchanged Keying. This mode
is apt for expedited deprecation - it will be removed in BIND 9.20 and deprecated
in BIND 9.18.
The draft-eastlake-dnsop-rfc2930bis-tkey (in progress) specifies:
> 4.2 Diffie-Hellman Exchanged Keying (Deprecated)
>
> The use of this mode (#2) is NOT RECOMMENDED for the following two
> reasons but the specification is still included in Appendix A in case
> an implementation is needed for compatibility with old TKEY
> implementations. See Section 4.6 on ECDH Exchanged Keying.
>
> The mixing function used does not meet current cryptographic
> standards because it uses MD5 [RFC6151].
>
> RSA keys must be excessively long to achieve levels of security
> required by current standards.
We are going to implement the advice from the draft and completely remove
the TKEY DH implementation from BIND 9.
In BIND 9.20:
1. Using the tkey-dhkey option in named.conf will now be a fatal error
2. Using dnssec-keygen -a DH will now be a fatal error
3. Using dnssec-keyfromlabel -a DH will now be a fatal error
In BIND 9.18:
1. Using the tkey-dhkey option in named.conf will issue a deprecation warning
Users are advised to switch to TKEY Mode 3 (GSS-API).
Removing this insecure algorithm that should not be used anyway will
reduce the attack surface.
This is tracked under https://gitlab.isc.org/isc-projects/bind9/-/issues/3905
Thanks.
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
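A pre-upgrade audit for the change announced above, as an added shell example that is not part of the original post or of ISC's tooling. It assumes the named.conf directive is spelled tkey-dhkey with a key name and key tag as its arguments, and that DH keys generated with dnssec-keygen -a DH follow BIND's K<name>.+002+<id>.key file naming (2 being the DNSSEC algorithm number for Diffie-Hellman). The sample configuration and key files are constructed for the example; the comment stripping handles // and # comments only, not /* */ blocks.

```shell
#!/bin/sh
# Audit a BIND deployment for TKEY Mode 2 (DH) remnants before moving to 9.20,
# where tkey-dhkey and dnssec-keygen -a DH become fatal errors.
# Added example, not ISC code. Assumptions: the directive is "tkey-dhkey <name> <tag>;"
# and DH key pairs are named K<name>.+002+<id>.{key,private} by dnssec-keygen.

# Number of live (uncommented) tkey-dhkey directives in a named.conf.
count_tkey_dhkey() {
    # Drop '//' and '#' comments so a commented-out directive is not counted.
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | grep -c 'tkey-dhkey' || true
}

# Number of DH public key files (algorithm 2) in a key directory.
count_dh_key_files() {
    n=0
    for f in "$1"/K*.+002+*.key; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Report findings; returns 0 when nothing needs attention, 1 otherwise.
audit_tkey_dh() {
    conf=$1
    keydir=$2
    findings=0
    n=$(count_tkey_dhkey "$conf")
    if [ "$n" -gt 0 ]; then
        echo "$conf: $n tkey-dhkey directive(s); fatal in BIND 9.20, switch to TKEY Mode 3 (GSS-API)"
        sed -e 's://.*$::' -e 's:#.*$::' "$conf" | grep -n 'tkey-dhkey' | sed 's/^/  line /'
        findings=$((findings + n))
    fi
    k=$(count_dh_key_files "$keydir")
    if [ "$k" -gt 0 ]; then
        echo "$keydir: $k DH key file(s) (+002+); dnssec-keygen -a DH cannot regenerate them in 9.20"
        findings=$((findings + k))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input (not a real deployment): one live tkey-dhkey line,
# one commented-out copy, a DH key pair, and an unrelated ECDSA key (alg 13).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/named.conf" <<'EOF'
options {
    directory "/var/named";
    // tkey-dhkey "old.example." 12345;   retired, commented out
    tkey-dhkey "dh.example." 49134;
    tkey-gssapi-keytab "/etc/named.keytab";
};
EOF
: > "$SAMPLE_DIR/Kdh.example.+002+49134.key"
: > "$SAMPLE_DIR/Kdh.example.+002+49134.private"
: > "$SAMPLE_DIR/Kzone.example.+013+11111.key"

if audit_tkey_dh "$SAMPLE_DIR/named.conf" "$SAMPLE_DIR"; then
    echo "no TKEY Mode 2 remnants found"
else
    echo "action required before upgrading to BIND 9.20"
fi
```

Run it against the real named.conf and key directory instead of the constructed sample; a clean result means the 9.18 deprecation warning will not appear and the 9.20 fatal error cannot trigger.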