
Last Call Review of draft-ietf-dnsop-rfc2845bis-06
review-ietf-dnsop-rfc2845bis-06-secdir-lc-nystrom-2020-01-23-00

Request: Review of draft-ietf-dnsop-rfc2845bis
Requested revision: No specific revision (document currently at 09)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2020-01-21
Requested: 2020-01-07
Authors: Francis Dupont, Stephen Morris, Paul A. Vixie, Donald E. Eastlake 3rd, Ólafur Guðmundsson, Brian Wellington
Draft last updated: 2020-01-23
Completed reviews: Secdir Last Call review of -06 by Magnus Nystrom; Genart Last Call review of -06 by Jouni Korhonen
Assignment: Reviewer Magnus Nystrom
State: Completed
Review: review-ietf-dnsop-rfc2845bis-06-secdir-lc-nystrom-2020-01-23
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/-2OKlVBYai6MQUWvsUODpGpS6Go
Reviewed revision: 06 (document currently at 09)
Result: Has Issues
Completed: 2020-01-19
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document defines a mechanism to provide authenticity and integrity of
DNS transactions such as update requests.

My main comment about this document is that it recommends use, and mandates
support, of HMAC-SHA1, even truncated HMAC-SHA1. In light of recent
cryptanalysis results, e.g.,
- https://eprint.iacr.org/2020/014.pdf
- https://www.mitls.org/downloads/transcript-collisions.pdf
it seems to me that an update to RFC 2845 would be better off not
recommending (or even mandating) use of SHA-1 but rather stronger hash
functions such as SHA-256.
Likewise, the statement "longer [authentication values] are believed to be
stronger" is potentially misleading, as it is the strength of the algorithm,
and not the length of its output, that ultimately determines its security.

Thanks,
-- Magnus
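The two points raised above (algorithm choice over output length, and truncated MACs) can be made concrete in a small TSIG-style MAC verifier. The following is an added illustration, not code from the draft or from any DNS implementation: it computes and verifies an HMAC over a constructed update message, refuses HMAC-SHA1 by default as a matter of configurable policy, and enforces an assumed truncation floor of half the digest size. The algorithm names, the policy tables, the truncation floor, the key and the message are all constructed for the example.

```python
import hashlib
import hmac

# Assumed verifier policy (example values, not from the draft): hash
# functions accepted for the TSIG-style HMAC, and a deprecated set that is
# refused unless the operator explicitly opts in.
ACCEPTED = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha384": hashlib.sha384,
    "hmac-sha512": hashlib.sha512,
}
DEPRECATED = {
    "hmac-sha1": hashlib.sha1,
}

# Constructed sample inputs for the example.
KEY = b"constructed-shared-secret"
UPDATE = b"example.test. 3600 IN A 192.0.2.1"


def compute_mac(alg, key, message, mac_len=None):
    """Return the HMAC of `message` under `alg`, truncated to `mac_len`
    bytes (full digest when mac_len is None)."""
    digestmod = ACCEPTED.get(alg) or DEPRECATED.get(alg)
    if digestmod is None:
        raise ValueError(f"unknown algorithm {alg!r}")
    full = hmac.new(key, message, digestmod).digest()
    if mac_len is None:
        return full
    if not 0 < mac_len <= len(full):
        raise ValueError("mac_len must be between 1 and the digest size")
    return full[:mac_len]


def verify_mac(alg, key, message, received, allow_deprecated=False):
    """Verify a possibly truncated MAC. Returns (ok, reason).

    The decision is driven by the algorithm policy first, then by the
    truncation floor, and only then by the MAC bytes themselves; a long
    MAC from a deprecated hash is still refused."""
    if alg in DEPRECATED and not allow_deprecated:
        return False, f"{alg} refused by policy"
    digestmod = ACCEPTED.get(alg) or DEPRECATED.get(alg)
    if digestmod is None:
        return False, f"unknown algorithm {alg!r}"
    full_len = digestmod().digest_size
    floor = full_len // 2  # assumed policy: never accept less than half
    if len(received) < floor:
        return False, f"MAC truncated below {floor} bytes"
    if len(received) > full_len:
        return False, "MAC longer than digest"
    expected = hmac.new(key, message, digestmod).digest()[: len(received)]
    # Constant-time comparison so timing does not leak how many bytes match.
    if not hmac.compare_digest(expected, received):
        return False, "MAC mismatch"
    return True, "ok"


if __name__ == "__main__":
    # A 16-byte truncated HMAC-SHA256 is shorter than a 20-byte full
    # HMAC-SHA1, yet only the former passes the default policy.
    short_sha256 = compute_mac("hmac-sha256", KEY, UPDATE, 16)
    full_sha1 = compute_mac("hmac-sha1", KEY, UPDATE)
    print(len(short_sha256), verify_mac("hmac-sha256", KEY, UPDATE, short_sha256))
    print(len(full_sha1), verify_mac("hmac-sha1", KEY, UPDATE, full_sha1))
```

Note that the policy check sits before any byte comparison: a verifier that keys its decision off MAC length alone would have preferred the 20-byte SHA-1 value over the 16-byte SHA-256 value, which is exactly the reading of "longer is stronger" the review cautions against.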