In your letter dated Tue, 28 Mar 2017 11:01:01 +0100 you wrote: >Evan Hunt <e...@isc.org> wrote: >> >> MD5 is known to be breakable, but it's not *as* breakable that hasn't been >> signed, or a resolver that hasn't turned on validation. > >It features Postscript, PDF/JPEG, and GIF MD5 quines (where the MD5 hash >of the document appears in the text of the document itself) and is itself >an MD5 quine in two different ways (PDF and NES ROM polyglot).
What makes it bad in the case of DNSSEC is that in various ways DNSSEC validators indicate to the user that a result is validated without also reporting the algorithm(s) used. So for any piece of client code that takes a security decision based on that data, allowing weak algorithms or parameters means that either all of DNSSEC should be treated as insecure, or potentially insecure configurations are without warning treated as secure. So if would be best if a validator that implements MD5 would still return NXDOMAIN is validation fails, but would keep the AD-bit clear even if validation passes for a domain signed using MD5. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop