[DNSSEC] BIND validates but not Unbound: who is right?

Mukund Sivaraman muks at isc.org
Mon Feb 16 17:56:00 UTC 2015


On Mon, Feb 16, 2015 at 11:19:51PM +0530, Mukund Sivaraman wrote:
> But while RFC 4509 sec. 6 talks about this issue in the case of DS with
> SHA-2 algorithms, there is no requirement there.

There is this nugget here:

> Implementations MUST support the use of the SHA-256 algorithm in DS
> RRs.  Validator implementations SHOULD ignore DS RRs containing SHA-1
> digests if DS RRs with SHA-256 digests are present in the DS RRset.

Perhaps this is why Unbound fails validation.

We should discuss this in the BIND context. Immediately upon reading
this, I thought this probably means "SHOULD ignore authentication chains
through SHA-1 if an authentication chain through SHA-256 exists." But
that invites downgrade attacks.

		Mukund
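The RFC 4509 section 5 rule quoted above, as an added example that is not part of the original message: a minimal Python DS-matching routine showing which DNSKEYs a validator accepts from a DS RRset with and without ignoring SHA-1 DS records when a SHA-256 DS is present. The zone name and key bytes are constructed placeholders.

```python
import hashlib
from collections import namedtuple

# DS digest types (IANA registry): 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256}
DNSKEY = namedtuple("DNSKEY", "flags protocol algorithm public_key")
DS = namedtuple("DS", "key_tag algorithm digest_type digest")

def wire_name(name):
    """Owner name in canonical wire form: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def dnskey_rdata(key):
    return key.flags.to_bytes(2, "big") + bytes([key.protocol, key.algorithm]) + key.public_key

def key_tag(key):
    """Key tag per RFC 4034 Appendix B (the variant for all algorithms other than 1)."""
    ac = 0
    for i, b in enumerate(dnskey_rdata(key)):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def make_ds(owner, key, digest_type):
    """DS RR for a DNSKEY: digest over owner name + DNSKEY RDATA (RFC 4034 sec. 5.1.4)."""
    digest = DIGEST_ALGS[digest_type](wire_name(owner) + dnskey_rdata(key)).digest()
    return DS(key_tag(key), key.algorithm, digest_type, digest)

def usable_ds(ds_rrset, prefer_sha256=True):
    """Drop DS RRs with unknown digest types; with prefer_sha256, apply RFC 4509 sec. 5:
    ignore SHA-1 DS RRs whenever a SHA-256 DS RR is present in the RRset."""
    supported = [ds for ds in ds_rrset if ds.digest_type in DIGEST_ALGS]
    if prefer_sha256 and any(ds.digest_type == 2 for ds in supported):
        return [ds for ds in supported if ds.digest_type != 1]
    return supported

def authenticated_keys(owner, dnskeys, ds_rrset, prefer_sha256=True):
    """DNSKEYs that match some usable DS RR, i.e. the secure entry points the validator trusts."""
    candidates = usable_ds(ds_rrset, prefer_sha256)
    return {k for k in dnskeys for ds in candidates if make_ds(owner, k, ds.digest_type) == ds}

# Constructed sample data (hypothetical zone and key material, not from the thread).
ZONE = "example."
REAL_KSK = DNSKEY(257, 3, 8, bytes(range(32)))      # the zone's actual KSK
OTHER_KEY = DNSKEY(257, 3, 8, bytes(range(32, 64)))  # a key only a SHA-1 DS points at
# The parent's RRset carries a SHA-256 DS for the real KSK and a SHA-1 DS for the other key.
DS_RRSET = [make_ds(ZONE, REAL_KSK, 2), make_ds(ZONE, OTHER_KEY, 1)]
```

With the RFC 4509 rule applied, `authenticated_keys(ZONE, [REAL_KSK, OTHER_KEY], DS_RRSET)` accepts only REAL_KSK; with `prefer_sha256=False` both keys match a DS and both become trusted entry points.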