On Mon, Mar 27, 2017 at 12:45:04PM -0700, Paul Vixie wrote: > also, a validator that outputs "secure" based on MD5 inputs is making a > promise it can't keep.
MD5 is known to be breakable, but it's not *as* breakable that hasn't been signed, or a resolver that hasn't turned on validation. A validator that doens't implement an algorithm treats any domain signed by that algorithm as if it were not signed at all. A MITM attack on that domain goes from "not as difficult as we'd like" to "trivially easy". I don't see this as a net improvement to security. We can and should kill MD5 key generation and signing (and I'll add this to the ticket about updating defaults in BIND) but I'm uncomfortable killing MD5 validation until I'm sure there aren't any legacy keys floating around. Your other point about never-used code being uneploded ordnance is well taken. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop