[Unbound-users] MD5 status deprecated by RFC6725

[Ray Bellis]

On 31 Aug 2012, at 09:56, W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote:

> Are there other arguments we should take into consideration?

Yes.  As I understand it there is _zero_ evidence that MD5 is insecure when used as a digest in DNSSEC.

IMHO, this option should be a configurable _policy_ decision, and for now it should default to the conservative "accept" position.

kind regards,

Ray