* Roy Arends:

> So, a collision (that is nothing more than a collision) is a problem
> for NSEC3, but not for RSASHA1?

You still need a collision over somewhat structured data.
Chosen-prefix collisions (with different prefixes) are likely not
*that* far away after that, and those break RSASHA1 completely (in the
sense that you can register a crafted org domain name and get an RRSIG
from org that fits example.org as well, with private key material
known to you).

-- 
Florian Weimer                <fwei...@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99