[Dnssec-deployment] DS digest types 1 vs 2
jakob at kirei.se
Thu Jul 29 03:54:20 EDT 2010
On 28 jul 2010, at 23.35, Chris Thompson wrote:
> As we are agonising about the merits of SHA-1 vs SHA-256 in signing
> algorithms, what is the general opinion about what digest type(s) to
> use in DS records? Just 1 (SHA-1)? Just 2 (SHA-256)? Both (in which
> case RFC 4509 section 3 requires that SHA-256-understanding validators
> ignore the type 1 DS record).
Using the same digest algorithm for the DS as in the child signatures seems like a reasonable default.
When we implemented the .SE legacy/default registrar, we chose to automatically publish both SHA1 and SHA2 DS records based on DNSKEYs fetched from the child zone (thus not letting the child admin choose the digest algorithm). Even though this is a nice, simplistic approach, I would give the child more flexibility if I were to implement it today (although the fetch-DNSKEY-via-DNS-confirm-then-publish-as-DS approach is still neat).
> There is a meta-question here: is it the policy for the parent zone
> or that for the child zone that determines this? My own feeling is
> that the first is preferable: the child registers a (K)SK with the
> parent and the parent decides what DS records to generate.
IMHO it is much simpler for the parent registry to just publish whatever the child submits. This puts all responsibility for correctness and the choice of algorithm on the child, and also makes it possible for the child to use a digest algorithm that the parent has yet to support (e.g. GOST). The registry could of course have a policy limiting the total number of DS records allowed from a single child, but that is another issue.
So for both technical and legal reasons, I'd choose to let the child make the call and the parent just publish - GIGO at its best.
Kirei AB - http://www.kirei.se/
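A worked illustration of the two DS digest types under discussion, added here as an example and not code from the thread or from the .SE registrar: it builds the type 1 (SHA-1) and type 2 (SHA-256) DS records for a constructed DNSKEY, following RFC 4034 section 5.1.4 (digest over owner name in wire form followed by the DNSKEY RDATA), and applies the RFC 4509 section 3 rule Chris mentions, under which a SHA-256-aware validator ignores type 1 DS records when type 2 records are present in the same DS RRset. The owner name, flags and key bytes are made-up sample values, not a real key.

```python
import hashlib
import struct

# Constructed sample: a KSK (flags 257) for "example.se." with algorithm 8 (RSASHA256).
# The public-key bytes are made up for the demonstration; they are not a real RSA key.
SAMPLE_OWNER = "example.se."
SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG = 257, 3, 8
SAMPLE_PUBKEY = bytes(range(1, 65))

# DS digest types from the thread: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def owner_wire(name):
    """Canonical wire form of the owner name: lowercase, length-prefixed labels, root byte."""
    labels = [label for label in name.lower().split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, proto, alg, pubkey):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, then the public key."""
    return struct.pack("!HBB", flags, proto, alg) + pubkey


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B: 16-bit checksum over the DNSKEY RDATA."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b if i & 1 else b << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, proto, alg, pubkey, digest_type):
    """Return (key_tag, algorithm, digest_type, digest_hex) for one DNSKEY and digest type."""
    rdata = dnskey_rdata(flags, proto, alg, pubkey)
    digest = DIGEST_TYPES[digest_type](owner_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), alg, digest_type, digest)


def validator_usable_ds(ds_rrset):
    """RFC 4509 s.3: drop type-1 DS records when the DS RRset also holds type-2 records."""
    if any(ds[2] == 2 for ds in ds_rrset):
        return [ds for ds in ds_rrset if ds[2] != 1]
    return list(ds_rrset)


if __name__ == "__main__":
    for dt in (1, 2):
        tag, alg, _, hexdigest = make_ds(SAMPLE_OWNER, SAMPLE_FLAGS, SAMPLE_PROTO, SAMPLE_ALG, SAMPLE_PUBKEY, dt)
        print(f"{SAMPLE_OWNER} IN DS {tag} {alg} {dt} {hexdigest}")
```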