Deprecation notice for BIND 9.20+: TKEY Mode 2 (Diffie-Hellman Exchanged Keying)

Ondřej Surý ondrej at isc.org
Tue Feb 28 15:30:45 UTC 2023


Hello,

in line with our deprecation policy, I am notifying the mailing list about our preliminary
intent to deprecate TKEY Mode 2 - Diffie-Hellman Exchanged Keying.  This mode
is eligible for expedited deprecation - it will be removed in BIND 9.20 and deprecated
in BIND 9.18.

The draft-eastlake-dnsop-rfc2930bis-tkey (in progress) specifies:

> 4.2 Diffie-Hellman Exchanged Keying (Deprecated)
> 
> The use of this mode (#2) is NOT RECOMMENDED for the following two
> reasons but the specification is still included in Appendix A in case
> an implementation is needed for compatibility with old TKEY
> implementations. See Section 4.6 on ECDH Exchanged Keying.
> 
> The mixing function used does not meet current cryptographic
> standards because it uses MD5 [RFC6151].
> 
> RSA keys must be excessively long to achieve levels of security
> required by current standards.

We are going to implement the advice from the draft and completely remove
the TKEY DH implementation from BIND 9.

In BIND 9.20:

1. Using the tkey-dhkey option in named.conf will now be a fatal error
2. Using dnssec-keygen -a DH will now be a fatal error
3. Using dnssec-keyfromlabel -a DH will now be a fatal error

In BIND 9.18:

1. Using the tkey-dhkey option in named.conf will issue a deprecation warning

Users are advised to switch to TKEY Mode 3 (GSS-API).

Removing this insecure algorithm, which should not be used anyway, will
reduce the attack surface.

This is tracked under https://gitlab.isc.org/isc-projects/bind9/-/issues/3905

Thanks.
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
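A pre-upgrade audit for the two things the notice above says become fatal errors in BIND 9.20: a tkey-dhkey option in named.conf (following include directives) and DH key files produced by dnssec-keygen -a DH. This is an added example, not ISC's code; it assumes DH keys carry algorithm number 002 in their K<name>.+002+<id>.key file name and that config paths contain no whitespace.

```shell
#!/bin/sh
# Constructed example (not from ISC or BIND 9). Flags configuration that will
# stop named from starting once TKEY Mode 2 (DH) is removed in BIND 9.20.

# Print $1 and every config file it reaches through `include "path";` lines.
# $2 is a space-separated list of files already visited (cycle guard).
tkey_dh_config_files() {
    _seen="$2"
    case " $_seen " in *" $1 "*) return 0;; esac
    _seen="$_seen $1"
    printf '%s\n' "$1"
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r inc; do
        tkey_dh_config_files "$inc" "$_seen"
    done
}

# Usage: tkey_dh_audit /etc/named.conf /var/named/keys
# Exit status 0 = nothing found; 1 = the 9.18 warning becomes a 9.20 fatal error.
tkey_dh_audit() {
    conf="$1"; keydir="$2"; hits=0
    for f in $(tkey_dh_config_files "$conf" ""); do
        # Active tkey-dhkey statements only; lines commented with // or # are skipped.
        n=$(grep -c -E '^[[:space:]]*tkey-dhkey' "$f" 2>/dev/null || true)
        n=${n:-0}
        [ "$n" -gt 0 ] && { echo "tkey-dhkey configured in $f"; hits=$((hits + n)); }
    done
    # Assumption: algorithm number 2 (DH) appears as +002+ in the key file name.
    for k in "$keydir"/K*.+002+*.key; do
        [ -e "$k" ] || continue
        echo "DH key file present: $k"
        hits=$((hits + 1))
    done
    [ "$hits" -eq 0 ]
}

# Run the audit when paths are given on the command line.
[ "$#" -ge 2 ] && tkey_dh_audit "$1" "$2"
```

Run it against each server before moving from 9.18 to 9.20; any reported file or key needs migrating to TKEY Mode 3 (GSS-API) first.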
