On Thu, 6 Feb 2014, Viktor Dukhovni wrote:
I think that HMAC-sha224 would be wiser, since otherwise a single dictionary works for all domains.
So what, telnet'ing to port 25 and issuing HELO and RCP TO: is cheaper already. As PaulH said, this is not a security feature - it's only meant as a method to be able to store any LHS username in DNS. Straight sha224, no hmac. Paul _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
