Maintained by: NLnet Labs

[Unbound-users] MD5 status deprecated by RFC6725

Ray Bellis
Tue Sep 4 14:40:33 CEST 2012


On 31 Aug 2012, at 09:56, W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote:

> Are there other arguments we should take into consideration?

Yes.  As I understand it there is _zero_ evidence that MD5 is insecure when used as a digest in DNSSEC.

IMHO, this option should be a configurable _policy_ decision, and for now it should default to the conservative "accept" position.

kind regards,

Ray