Remove TKEY Mode 2 (Diffie-Hellman) (!7626) · Merge requests · ISC Open Source Projects / BIND

Ondřej Surý requested to merge 3905-remove-TKEY-Diffie-Hellman-exchange into main Feb 28, 2023

Completely remove the TKEY Mode 2 (Diffie-Hellman Exchanged Keying) from BIND 9 (from named, named.conf and all the tools). The TKEY usage is fringe at best and in all known cases, GSSAPI is being used as it should.

The draft-eastlake-dnsop-rfc2930bis-tkey specifies that:

4.2 Diffie-Hellman Exchanged Keying (Deprecated)

   The use of this mode (#2) is NOT RECOMMENDED for the following two
   reasons but the specification is still included in Appendix A in case
   an implementation is needed for compatibility with old TKEY
   implementations. See Section 4.6 on ECDH Exchanged Keying.

      The mixing function used does not meet current cryptographic
      standards because it uses MD5 [RFC6151].

      RSA keys must be excessively long to achieve levels of security
      required by current standards.

We might optionally implement Elliptic Curve Diffie-Hellman (ECDH) key exchange mode 6 if the draft ever reaches the RFC status. Meanwhile the insecure DH mode needs to be removed.

Closes #3905 (closed)

Remove TKEY Mode 2 (Diffie-Hellman)

Merge request reports