Re: [DNSOP] [Ext] TKEY and MD5

2021-12-20 Thread Donald Eastlake
On Mon, Dec 20, 2021 at 10:42 PM Paul Hoffman wrote:
> On Dec 20, 2021, at 6:57 PM, Mark Andrews wrote:
> > Isn’t it about time we updated DH support in DNS to not use MD5? Currently there is
> > no FIPS compatible DH key exchange in DNS. I suspect it would be relatively straight

Re: [DNSOP] [Ext] TKEY and MD5

2021-12-20 Thread Paul Hoffman
On Dec 20, 2021, at 6:57 PM, Mark Andrews wrote:
>
> Isn’t it about time we updated DH support in DNS to not use MD5? Currently there is
> no FIPS compatible DH key exchange in DNS. I suspect it would be relatively straight
> forward by defining a new TKEY mode which does DH w/o using MD5

[DNSOP] TKEY and MD5

2021-12-20 Thread Mark Andrews
Isn’t it about time we updated DH support in DNS to not use MD5? Currently there is no FIPS compatible DH key exchange in DNS. I suspect it would be relatively straight forward by defining a new TKEY mode which does DH w/o using MD5.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW