[DNSSEC] BIND validates but not Unbound: who is right?

Mukund Sivaraman muks at isc.org
Mon Feb 16 18:11:00 UTC 2015


On Mon, Feb 16, 2015 at 11:26:00PM +0530, Mukund Sivaraman wrote:
> On Mon, Feb 16, 2015 at 11:19:51PM +0530, Mukund Sivaraman wrote:
> > But while RFC 4509 sec. 6 talks about this issue in the case of DS with
> > SHA-2 algorithms, there is no requirement there.
> 
> There is this nugget here:
> 
> > Implementations MUST support the use of the SHA-256 algorithm in DS
> > RRs.  Validator implementations SHOULD ignore DS RRs containing SHA-1
> > digests if DS RRs with SHA-256 digests are present in the DS RRset.
> 
> Perhaps this is why Unbound fails validation.
> 
> We should discuss this in the BIND context. Immediately upon reading
> this, I thought this probably means "SHOULD ignore authentication chains
> through SHA-1 if an authentication chain through SHA-256 exists." But
> that invites downgrade attacks.

UGH that's the DS digest, not the algorithm. This is no bug in BIND. I'm
sorry.

		Mukund
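To make the distinction the thread lands on concrete, here is an added example (not from the thread, not BIND or Unbound code) that applies the RFC 4509 section 6 rule quoted above to a DS RRset and then checks a DNSKEY against the DS records that survive it. The rule keys only on the DS digest type field (1 = SHA-1, 2 = SHA-256); the DNSKEY algorithm field is carried along untouched. Owner name, flags and key bytes are constructed sample values.

```python
import base64
import hashlib
from dataclasses import dataclass

DIGEST_SHA1, DIGEST_SHA256 = 1, 2
HASHES = {DIGEST_SHA1: hashlib.sha1, DIGEST_SHA256: hashlib.sha256}

# Constructed sample key material; not a real key.
KEY_B64 = base64.b64encode(b"constructed sample public key bytes").decode()


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int    # DNSKEY algorithm number (e.g. 8 = RSASHA256)
    digest_type: int  # DS digest type (1 = SHA-1, 2 = SHA-256)
    digest: str       # lowercase hex digest


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata_wire(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA in wire form: flags(2) | protocol(1) | algorithm(1) | public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B, non-algorithm-1 form)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner: str, flags: int, protocol: int, algorithm: int, pubkey_b64: str, digest_type: int) -> DS:
    """DS digest = H(owner name wire | DNSKEY RDATA wire), as in RFC 4034 sec. 5.1.4 / RFC 4509."""
    rdata = dnskey_rdata_wire(flags, protocol, algorithm, pubkey_b64)
    digest = HASHES[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return DS(key_tag(rdata), algorithm, digest_type, digest)


def usable_ds(rrset):
    """RFC 4509 sec. 6: ignore SHA-1 DS records when any SHA-256 DS is present in the RRset.
    Only the digest type is consulted; a DS for an unrelated DNSKEY algorithm is not dropped."""
    if any(ds.digest_type == DIGEST_SHA256 for ds in rrset):
        return [ds for ds in rrset if ds.digest_type != DIGEST_SHA1]
    return list(rrset)


def dnskey_matches(owner: str, flags: int, protocol: int, algorithm: int, pubkey_b64: str, rrset) -> bool:
    """Validator check: does this DNSKEY match any DS left usable by the RFC 4509 rule?"""
    return any(make_ds(owner, flags, protocol, algorithm, pubkey_b64, ds.digest_type) == ds
               for ds in usable_ds(rrset) if ds.digest_type in HASHES)
```

Note the consequence the rule has for a zone that publishes a SHA-1 DS for one KSK and a SHA-256 DS for a different KSK: the SHA-1-only key no longer validates, while a key that has both digests still does.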