follow up of "Update RIPE's DNS Zonemaster"
When doing a DNSSEC algorithm rollover from ecdsap256sha256 to ed25519 today, I got the error 'Unknown cryptographic algorithm' when updating the ds-rdata field. A quick Google search led me to https://www.ripe.net/ripe/mail/archives/dns-wg/2021-January/003796.html, which dates back to more than a year ago. It seems that the Zonemaster deployment has not been updated to date, thus I would like to ask about the current progress.
Also curious myself,

I was trying to set up DNSSEC for my own and my workplace's network, and ran into the same issue, the same goes for Ed448. The newest that seems to be accepted is protocol 14 (ECDSAP384SHA384), so I've been using this for now.

Would also be interested in the current status of this.

Cheers,
Jori (Tyrasuki)
REDP-RIPE

On 2/18/2022 2:41 PM, Nick Cao via dns-wg wrote:
> When doing a DNSSEC algorithm rollover from ecdsap256sha256 to ed25519 today, I got the error 'Unknown cryptographic algorithm' when updating the ds-rdata field. A quick Google search led me to https://www.ripe.net/ripe/mail/archives/dns-wg/2021-January/003796.html, which dates back to more than a year ago. It seems that the Zonemaster deployment has not been updated to date, thus I would like to ask about the current progress.
ok - I’ll bite - why do you want to use Ed25519 or Ed448 for DNSSEC?

When I looked at the level of support for Ed25519 last June the measurements showed that "slightly less than one half of all users who use DNS recursive resolvers that perform DNSSEC validation using ECDSA P-256 also treat ED25519 digital signatures as “unknown.” [1]

That study concluded with the Q&A:

"Is Ed25519 ready for use?
In my view, this data is telling us “No!” If you want to take advantage of the smaller signature sizes offered by these curve-based crypto algorithms, then ECDSA P-256 appears to offer similar cryptographic strength with the same key sizes as Ed25519, but with a far more widespread support base for validation.” [1]

Hence my question - why are you wanting to sign with an algorithm that does not have anywhere near the level of validating resolver support as ECDSA P-256?

thanks,
Geoff

[1] https://www.potaroo.net/ispcol/2021-06/eddi.html
On 19 Feb 2022, at 1:37 am, Tyrasuki via dns-wg <dns-wg@ripe.net> wrote:
> Also curious myself,
>
> I was trying to set up DNSSEC for my own and my workplace's network, and ran into the same issue, the same goes for Ed448. The newest that seems to be accepted is protocol 14 (ECDSAP384SHA384), so I've been using this for now.
>
> Would also be interested in the current status of this.
>
> Cheers,
> Jori (Tyrasuki)
> REDP-RIPE
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg
Nice catch! But who can resist the tempting smell of a brand new cryptographic building block?

Speaking of the level of support, I personally have a low barrier on that: do major public resolvers support it? If that's a yes, we are good to go.

On 2/21/22 09:58, Geoff Huston wrote:
> ok - I’ll bite - why do you want to use Ed25519 or Ed448 for DNSSEC?
>
> When I looked at the level of support for Ed25519 last June the measurements showed that "slightly less than one half of all users who use DNS recursive resolvers that perform DNSSEC validation using ECDSA P-256 also treat ED25519 digital signatures as “unknown.” [1]
>
> That study concluded with the Q&A:
>
> "Is Ed25519 ready for use?
> In my view, this data is telling us “No!” If you want to take advantage of the smaller signature sizes offered by these curve-based crypto algorithms, then ECDSA P-256 appears to offer similar cryptographic strength with the same key sizes as Ed25519, but with a far more widespread support base for validation.” [1]
>
> Hence my question - why are you wanting to sign with an algorithm that does not have anywhere near the level of validating resolver support as ECDSA P-256?
>
> thanks,
> Geoff
>
> [1] https://www.potaroo.net/ispcol/2021-06/eddi.html
“tempting smell”? I love that expression! :-)

The full report of where these algorithms are supported can be found at https://www.potaroo.net/ispcol/2021-06/eddi.html

Of the major DNSSEC-validating resolver networks we observed:
Google 8.8.8.8 - Yes
Comcast - No
Reliance Jio - No

so it's a mixed package

Geoff
On 21 Feb 2022, at 1:28 pm, Nick Cao via dns-wg <dns-wg@ripe.net> wrote:
> Nice catch! But who can resist the tempting smell of a brand new cryptographic building block?
>
> Speaking of the level of support, I personally have a low barrier on that: do major public resolvers support it? If that's a yes, we are good to go.
Strangely, after leaving everything as-is for a day, the rollover has been completed automatically. Guess that it was the mechanism documented in https://www.ripe.net/manage-ips-and-asns/db/support/configuring-reverse-dns#... taking effect.

However, the same checks would have been applied to this procedure, or was the system using another instance of Zonemaster or other software?

On 2/18/22 21:41, Nick Cao via dns-wg wrote:
> When doing a DNSSEC algorithm rollover from ecdsap256sha256 to ed25519 today, I got the error 'Unknown cryptographic algorithm' when updating the ds-rdata field. A quick Google search led me to https://www.ripe.net/ripe/mail/archives/dns-wg/2021-January/003796.html, which dates back to more than a year ago. It seems that the Zonemaster deployment has not been updated to date, thus I would like to ask about the current progress.
On 19.2. 2022 10:54, Nick Cao via dns-wg wrote:
> Strangely, after leaving everything as-is for a day, the rollover has been completed automatically. Guess that it was the mechanism documented in https://www.ripe.net/manage-ips-and-asns/db/support/configuring-reverse-dns#... taking effect.
>
> However, the same checks would have been applied to this procedure, or was the system using another instance of Zonemaster or other software?
Hello Nick,

this was indeed an automated update of DS records based on CDS records published in your zone. Since this updater works by using RIPE NCC's superpowers to edit database objects on your behalf, these superpowers also override (or, to be precise, skip) the Zonemaster check. This is generally safe as the updater does all the checks prescribed by RFC 7344.

Right now this is really the only way to automatically upgrade to the newest DNSSEC algorithms which are not supported by the current version of Zonemaster. Unfortunately I cannot tell you anything about why Zonemaster is still not upgraded, but hopefully some of my colleagues will.

--
Best regards,
Ondřej Caletka
RIPE NCC
Hello Nick,

On 18/02/2022 14:41, Nick Cao via dns-wg wrote:
> When doing a DNSSEC algorithm rollover from ecdsap256sha256 to ed25519 today, I got the error 'Unknown cryptographic algorithm' when updating the ds-rdata field. A quick Google search led me to https://www.ripe.net/ripe/mail/archives/dns-wg/2021-January/003796.html, which dates back to more than a year ago. It seems that the Zonemaster deployment has not been updated to date, thus I would like to ask about the current progress.
Your observation is correct. The version of Zonemaster we're running isn't up to date, and can't handle algorithms 15 and 16.

We are working on updating all the things. It is a two-stage process, where we need to update Zonemaster first (running on our current Linux distribution, CentOS 7), and then deploy it on a derivative of RedHat Linux 8, whose openssl understands these newer algorithms. Unfortunately, we cannot yet provide a date by when this will all be done. However, we appreciate your concern, and are putting more priority on getting this work done as soon as possible.

The automatic update of your DS record happened as a result of our daily CDS scans. The code that does the scans and checks does not invoke Zonemaster, because it is only concerned with ensuring that the DNSSEC chain of trust is correct.

Regards,
Anand Buddhdev
RIPE NCC
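As an added example (not code from this thread, from Zonemaster, or from the RIPE NCC CDS updater), the following Python computes the DS RDATA a parent should publish for a child's DNSKEY and runs it through the one check this thread turns on: whether the checking software knows the algorithm number at all. The owner name, the placeholder key bytes and the two checker profiles are constructed assumptions; signature verification of the CDS RRset, which RFC 7344 also requires, is out of scope here.

```python
import hashlib
import struct

# Constructed checker profiles: one modelled on a checker whose OpenSSL predates the
# EdDSA algorithms (nothing above 14), one that also knows Ed25519 (15) and Ed448 (16).
LEGACY_CHECKER = {8, 13, 14}
CURRENT_CHECKER = LEGACY_CHECKER | {15, 16}
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types SHA-256 / SHA-384

def wire_name(owner):
    """Owner name in canonical wire form (RFC 4034 s6.2): lowercase, length-prefixed labels."""
    labels = [lab for lab in owner.lower().split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (algorithm 1 special case omitted)."""
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_from_dnskey(owner, flags, algorithm, pubkey, digest_type=2):
    """DS RDATA (key tag, algorithm, digest type, hex digest) the parent must publish for
    this DNSKEY; the digest covers owner name || DNSKEY RDATA (RFC 4034 s5.1.4)."""
    rdata = struct.pack("!HBB", flags, 3, algorithm) + pubkey  # DNSKEY protocol is always 3
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def check_ds_set(ds_set, known_algorithms):
    """Return (accepted, reason). Every DS must use an algorithm and digest type the
    checker knows; an unknown algorithm is exactly what the thread's checker rejects."""
    for tag, alg, dtype, digest in ds_set:
        if alg not in known_algorithms:
            return False, f"key tag {tag}: unknown cryptographic algorithm {alg}"
        if dtype not in DIGESTS or len(digest) != 2 * DIGESTS[dtype]().digest_size:
            return False, f"key tag {tag}: unsupported digest type {dtype} or bad digest length"
    return True, "ok"

# Constructed inputs: a reverse zone in documentation address space and a KSK
# (flags 257) using Ed25519 (15) with a 32-byte placeholder that is NOT a real key.
EXAMPLE_OWNER = "2.0.192.in-addr.arpa."
EXAMPLE_PUBKEY = bytes(range(32))

def rollover_outcome(owner=EXAMPLE_OWNER, pubkey=EXAMPLE_PUBKEY, algorithm=15):
    """Compute the DS for the new KSK and report how each checker profile treats it."""
    ds = ds_from_dnskey(owner, 257, algorithm, pubkey)
    return ds, check_ds_set([ds], LEGACY_CHECKER), check_ds_set([ds], CURRENT_CHECKER)

if __name__ == "__main__":
    for item in rollover_outcome():
        print(item)
```

Comparing the computed tuple against the DS the parent actually published is how an operator confirms that an automated CDS-driven rollover installed the right record.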
participants (5)
- Anand Buddhdev
- Geoff Huston
- Nick Cao
- Ondřej Caletka
- Tyrasuki