Signature algorithm deprecation

[jschlyter]

While discussing DSA, @paulehoffman reminded me about RFC 8624:

   +--------+--------------------+-----------------+-------------------+
   | Number | Mnemonics          | DNSSEC Signing  | DNSSEC Validation |
   +--------+--------------------+-----------------+-------------------+
   | 1      | RSAMD5             | MUST NOT        | MUST NOT          |
   | 3      | DSA                | MUST NOT        | MUST NOT          |
   | 5      | RSASHA1            | NOT RECOMMENDED | MUST              |
   | 6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT          |
   | 7      | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | MUST              |
   | 8      | RSASHA256          | MUST            | MUST              |
   | 10     | RSASHA512          | NOT RECOMMENDED | MUST              |
   | 12     | ECC-GOST           | MUST NOT        | MAY               |
   | 13     | ECDSAP256SHA256    | MUST            | MUST              |
   | 14     | ECDSAP384SHA384    | MAY             | RECOMMENDED       |
   | 15     | ED25519            | RECOMMENDED     | RECOMMENDED       |
   | 16     | ED448              | MAY             | RECOMMENDED       |
   +--------+--------------------+-----------------+-------------------+

Perhaps it is time to remove RSAMD5, DSA and DSA-NSEC3-SHA1 from dns.dnssec.validate()?

[paulehoffman]

+1 to following RFC 8624 if possible.

[bwelling]

I opened a PR for this a couple of years ago (#451), and it was rejected.

[paulehoffman]

Wow, Peter and PaulW both interpret RFC 8624 wrong. The latter is particularly weird because PaulW is one of the co-authors of the RFC... Peter is wrong in that the RFC is not just about resolvers and authoritative servers.

Thus, I think that the idea of following the RFC is still correct.

[rthalley]

I'm more willing to get rid of that stuff now than back then, though I'm still a little hesitant to break old testing code or whatever. Still, as people use dnspython for non-historical things, it seems good to follow RFC 8624. If we decided to keep it because of use in some historical code situation, it seems like at the minimum you ought to have to ask for it. E.g. the validate and sign code could have some sort of policy config that would default to RFC 8624.

[jschlyter]

For testing purposes I do find the old algorithms useful. If I'd like to create sample signatures to test things like RFC 8624 compliance, dnspython would be my choice. This is the main reason I write code to sign with DSA and RSAMD5, even though I agree it should not be enabled by default.

Perhaps older code could do something like dns.dnssec.enable_deprecated_algorithms = True (or a plain parameter to each of the two functions), but the default is to follow RFC 8624 and its successors. Another, more complex, option would be to add a policy parameter to validate() and sign().

[jschlyter]

@rthalley Perhaps something like jschlyter@01e48a6 would be acceptable together with a global dns.dnssec.ALLOW_DEPRECATED_ALGORITHMS (default False). First release would only warn about deprecated algorithms, later could enforce.

[rthalley]

I have an alternative take, #869. What do you think?

[jschlyter]

I like your approach, it's easier to extend than mine. Nice!

[paulehoffman]

I also like the approach of acknowledging the IETF policy here.