> Using NSEC instead of NSEC3 because you fear SHA1 collisions does not > seem sensible, as if you fear SHA1 collisions, you have other more > significant problems with DNSSEC to worry about, and thus this is > not, in my opinion, reasonable. And it isn't sensible to suggest > users worry about it. If we are going to mention it, it should be > in security considerations, saying NSEC3 is dependent upon certain > properties of its hash algorithm (I forget now whether it is > collision resistance, pre-image resistance or or what), but this > should also point out the whole of DNSSEC is predicated on similar > qualities.
+1 except for the "if". It is mathematically possible for collisions to occur with one approach and not the other, and it would be irresponsible not to make note of the fact, even if we agree that the chances of this occurring in nature are negligible. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
