Updated treatment of DS SHA-1 in DNSSEC01 #839

Merged
merged 4 commits into from
Apr 16, 2020

Contributor

@matsduf matsduf commented Apr 8, 2020

ERROR was felt to be too harsh due to the wide use, and due to the
fact that SHA-1 based DNSSEC algorithms only create WARNING as
default. Secondly, IANA still lists SHA-1 as an algorithm to be used for DS.

Commit 1: Updated the treatment of algo 1 (SHA-1)

  • Add an initial comment on the status of SHA-1
  • Created new message tag
  • Set default level to WARNING (instead of ERROR)

Commit 2: Removed trailing spaces

Commit 3:

  • Sorted message tags in table.
  • Sorted link list.
  • Updated indentation in link list.

When this PR has been approved and merged, a new issue will be created in Zonemaster-Engine for the implementation to be updated.

* Add an initial comment on the status of SHA-1
* Created new message tag
* Set default level to WARNING (instead of ERROR)

ERROR was felt to be too harsh due to the wide use, and due to the
fact that SHA-1 based DNSSEC algorithms only create WARNING as
default.
* Sorted link list.
* Updated indentation in link list.
@matsduf matsduf added A-TestCase Area: Test case specification or implementation of test case S-ProposalExists labels Apr 8, 2020
@matsduf matsduf added this to the v2019.2 milestone Apr 15, 2020
The table of algorithms below is for reference only and is copied from [IANA
At the time of writing (2020-04-08), algorithm 1 (SHA-1) is still
in wide use even though it is no longer considered to be secure
([Wikipedia]).
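
Review bot: the statement that algorithm 1 (SHA-1) "is no longer considered to be secure" is supported only by the [Wikipedia] link, which is a secondary source; for a test case specification, cite a primary reference next to it or in its place. The "At the time of writing (2020-04-08)" qualifier also ties the "still in wide use" claim to a single date with nothing cited for it, so either name the measurement it is based on or reword it so the text does not go stale.
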
Contributor

Is Wikipedia a reliable reference?

Contributor Author

Yes, Wikipedia has good checks of the content.

Contributor Author

matsduf commented Apr 15, 2020

@vlevigneron, can you also review?

@matsduf matsduf merged commit 59616bb into zonemaster:develop Apr 16, 2020
@matsduf matsduf deleted the update-ds-algo-1-dnssec01 branch April 16, 2020 19:01
tgreenx pushed a commit to tgreenx/zonemaster that referenced this pull request Jan 3, 2022
Merge develop into master (Engine), second time
@matsduf matsduf mentioned this pull request Apr 28, 2022