RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Verified (1)

RFC 5702, "Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC", October 2009

Note: This RFC has been updated by RFC 6944

Source of RFC: dnsext (int)

Errata ID: 7090
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Peter van Dijk
Date Reported: 2022-08-15
Verifier Name: Warren Kumari (Ops AD)
Date Verified: 2022-08-26

Section 8.2 says:

8.2.  Signature Type Downgrade Attacks

   Since each RRSet MUST be signed with each algorithm present in the
   DNSKEY RRSet at the zone apex (see Section 2.2 of [RFC4035]), a
   malicious party cannot filter out the RSA/SHA-2 RRSIG and force the
   validator to use the RSA/SHA-1 signature if both are present in the
   zone.  This should provide resilience against algorithm downgrade
   attacks, if the validator supports RSA/SHA-2.

It should say:



The section is incorrect in its entirety. Although the requirement on signers does exist, there is no related requirement for validators to check that all signature algorithms are present. RFC6840 5.11 (which I do realise is newer than RFC5702) re-states this explicitly, where RFC4035 merely implied this distinction.

Report New Errata

Advanced Search