Tom Pusateri wrote:

> There’s no attack vector here. And a collision would have to be
> another valid RR already in the database with the same owner name and
> class. This is literally impossible. Probably not even with md5!

as i wrote when the discussion of catalog zone hashing got to this point, "if collisions are impossible even with md5, then please use md5, and include a security considerations paragraph or two as to how this is not a problem. for that matter, if md4 or md3 will work, use those. unnec'y hash complexity is a form of security theater."

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
