Isn’t it about time we updated DH support in DNS to not use MD5? Currently there is no FIPS-compatible DH key exchange in DNS. I suspect it would be relatively straightforward by defining a new TKEY mode which does DH w/o using MD5.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org