[Unbound-users] MD5 status deprecated by RFC6725

Ray Bellis Ray.Bellis at nominet.org.uk
Tue Sep 4 12:40:33 UTC 2012


On 31 Aug 2012, at 09:56, W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote:

> Are there other arguments we should take into consideration?

Yes.  As I understand it there is _zero_ evidence that MD5 is insecure when used as a digest in DNSSEC.

IMHO, this option should be a configurable _policy_ decision, and for now it should default to the conservative "accept" position.

kind regards,

Ray





More information about the Unbound-users mailing list