Add support for DSA/SHA1 (RFC 2536) #50

gnarea · 2022-11-17T22:40:34Z

An error will be thrown during verification if DSA/SHA1 is used, as we're not currently implementing this algorithm because:

It uses SHA-1 and DSA with 1024-bit keys, both of which are grossly insecure.
No TLD uses this algorithm as of November 2022 (curl -s http://www.internic.net/domain/root.zone | awk '$4 == "DS" { print $6}' | sort -n | uniq -c).
Given our current time constraints and the issues above, we can't justify implementing this feature now.

Having said this, we'd welcome a PR to add support for this algorithm as specified in RFC 2536.

The text was updated successfully, but these errors were encountered:

See #50.

gnarea changed the title ~~Implement (de)serialisation of DSA/SHA1 keys~~ Add support for DSA/SHA1 Nov 17, 2022

gnarea modified the milestone: Version 1 Nov 17, 2022

gnarea changed the title ~~Add support for DSA/SHA1~~ Add support for DSA/SHA1 (RFC 2536) Nov 18, 2022

gnarea added a commit that referenced this issue Nov 18, 2022

fix: Drop incomplete support for DSA/SHA1

3a5448d

See #50.

gnarea mentioned this issue Nov 18, 2022

fix: Drop incomplete support for DSA/SHA1 #55

Merged

kodiakhq bot pushed a commit that referenced this issue Nov 18, 2022

fix: Drop incomplete support for DSA/SHA1 (#55)

4bd3ff8

See #50.

gnarea added automerge Allow kodiak to automerge commit when all checks pass enhancement New feature or request and removed automerge Allow kodiak to automerge commit when all checks pass labels Nov 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for DSA/SHA1 (RFC 2536) #50

Add support for DSA/SHA1 (RFC 2536) #50

gnarea commented Nov 17, 2022 •

edited

Loading

Add support for DSA/SHA1 (RFC 2536) #50

Add support for DSA/SHA1 (RFC 2536) #50

Comments

gnarea commented Nov 17, 2022 • edited Loading

gnarea commented Nov 17, 2022 •

edited

Loading