Interesting page https://rootcanary.org with test of supported encryption algorithms.
and
Statistics for common and ather algorihms
Interesting page https://rootcanary.org with test of supported encryption algorithms.
and
Statistics for common and ather algorihms
Yes, we’ve used this one at Knot Resolver team.
Wrong link published.
Is DSA not supported by kresd due to its inherent security flaws?
But then RSA-SHA1 is neither secure, is it not, and should not be leveraged by a Delegation Signer?
What about GOST - considered insecure as well?
ED448 - coming to kresd soon? Unbound appears to be supporting it.
The three unsupported columns to the left are intentional indeed. I’m not aware of (RSA-)SHA1 being that bad yet, though it’s advisable to migrate away from SHA1; it still feels better to keep validating them instead of forcing them to insecure status (like the other three ones). ED448 waits for gnutls, as that’s where we take all of these from.
I actually had a prototype for GOST support, but the thing is that noone seems to want it (anymore) and even an RFC now dissuades from using it, so we didn’t add it in the end. If I understand it right, even GOST are migrating to a new version of algorithm and that one isn’t standardized for DNSSEC.
GOST is old and unsecure Soviet cipher.
It is known as broken since 2005 [1] and even now new attack vectors are being discovered [2]. Any conscious Delegation Signer will probably not touch it with a barge pole and even wearing gloves
That is probably a matter of convenience as not to raise too many errors that could potentially taint DNSSEC for the uninitiated.
[1] SHA-1 Broken - Schneier on Security
[2] New SHA-1 Attack - Schneier on Security
In practice SHA1 algos are still used in DNSSEC relatively a lot. For example, .cz: https://stats.nic.cz/stats/dnssec_by_algorithms/ If I understand it correctly, so far the efficient attacks need long inputs, limiting their use in DNS. When mentioning this… here’s a recent DNS+SHA1 analysis: https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html (I haven’t studied SHA1 attack details myself.)
Oh dear. That does not help advocating DNSSEC. But then the number (that is not globally but just for .CZ TLD?) seems to hover around:
True, it indeed depends on the context of the potential attack vector.
SHA1 is dead.
One would reckon but the statistics linked by @vcunat imply that it has not reached every Delegation Signer and/or domain admin…
Also the article cited by @vcunat mentions
SHA-1 is deprecated but still used in DNSSEC, and this collision attack means that some attacks against DNSSEC are now merely logistically challenging rather than being cryptographically infeasible.
Which in the end might give DNSSEC a bad name though not being at fault.
For reference, the discussion continued on GitLab (mainly about Unbound on Turris): https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/540
Whilst DNSSEC helps domain owners in preventing their domains getting hijacked through DNS there is no benefit to the end user since:
Despite a Foris script producing a when testing DNSSEC validation there is no actual advantage for the user having DNSSEC validation enabled in the recursor, one could even argue that it unnecessarily:
without the slightest benefit for the end user.
Forged DNS records won’t get to those clients. (If behind a validating resolver and it’s not a name that’s provably insecure.) But I agree that benefit to regular end user still seems negligible, as security of their (web/mail/…) clients is built on other things (mainly TLS).
To my understanding the design principle of kresd and unbound is three-fold:
With 3) being unrelated to the subject of DNSSEC it would seems to me that (perhaps kresd and unbound differ in the outcome):
I don’t understand reasoning of your last paragraph and I haven’t observed similar behavior, at least not commonly. You can test on intentionally broken domains like http://www.rhybar.cz
BTW, I wouldn’t call kresd or unbound a “stub resolver”, but exact terminology doesn’t seem really important here.
Pardon if I mixed up terminology…
Thank for the pointer. Indeed DNS resolution fails and thus the protection is there but the user is left clueless that actually DNSSEC validation is the cause for it and with something like
ERR_NAME_RESOLUTION_FAILED
being exhibited by the browser.
Yes, unfortunately SERVFAIL doesn’t nicely indicate the source of error, and that leads even to practical problems like https://bugzilla.mozilla.org/show_bug.cgi?id=1525854
OpenSSH team says: SHA-1 is not secure.
https://www.openssh.com/txt/release-8.2
Prevent SSH-1 support!