A number of people have pointed out that MD5 is a weak hash subject to collisions. While true for general crypto operations, I'm still not convinced that one could find two DNS-valid domains that collide; collisions are possible, to be sure, but a collision with "example.com" is likely to contain at least one character that's not a valid DNS character, making the collision space even smaller than it already is.
Doug also pointed out that my performance data were wrong or at least outdated; I had found some tests that showed MD5 was 4x faster than SHA1, but that's actually not the case, at least not these days. But perhaps the easiest way to solve this debate was pointed out by Barry: The IESG would be unlikely to support a protocol with even light security implications that uses MD5 without a lot of research into why it's the best choice over other algorithms. So that's that. :) So I'll switch ATPS to what TPA did and use SHA1+base32, which constrains the encoding to 32 bytes just like MD5 and isn't that much more expensive but is definitely more palatable.

_______________________________________________
dkim-ops mailing list
http://mipassoc.org/mailman/listinfo/dkim-ops

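The "32 bytes just like MD5" point above is worth seeing concretely. The following is an added illustration, not code from the post, from ATPS or from TPA: it hashes a domain name with MD5 (hex) and with SHA1 (RFC 4648 base32) and shows that both encodings come out at exactly 32 characters, that base32-encoding an MD5 digest instead would need `=` padding (not a DNS character) to reach 32, and that the SHA1+base32 label uses only characters permitted in a DNS hostname label. The lowercasing of the input domain, the `_atps` label layout in `lookup_name`, and the domain names used are assumptions made for the example, not details this page specifies.

```python
import base64
import hashlib
import string

# Characters allowed in a DNS hostname label (LDH rule: letters, digits, hyphen).
DNS_LABEL_CHARS = set(string.ascii_letters + string.digits + "-")


def _canonical(domain: str) -> bytes:
    # Assumption for this example: hash the lowercased ASCII form of the domain,
    # since DNS names compare case-insensitively.
    return domain.strip().lower().encode("ascii")


def md5_hex_label(domain: str) -> str:
    """MD5 digest (16 bytes) in hex: 32 characters."""
    return hashlib.md5(_canonical(domain)).hexdigest()


def md5_base32_label(domain: str) -> str:
    """MD5 digest (16 bytes) in RFC 4648 base32: 26 characters plus 6 '=' padding."""
    return base64.b32encode(hashlib.md5(_canonical(domain)).digest()).decode("ascii")


def sha1_base32_label(domain: str) -> str:
    """SHA1 digest (20 bytes) in RFC 4648 base32: exactly 32 characters, no padding,
    because 20 bytes is a multiple of the 5-byte base32 input group."""
    return base64.b32encode(hashlib.sha1(_canonical(domain)).digest()).decode("ascii")


def is_dns_label(label: str) -> bool:
    """True if the string is a syntactically valid hostname label (LDH, <= 63 octets)."""
    return (
        0 < len(label) <= 63
        and set(label) <= DNS_LABEL_CHARS
        and not label.startswith("-")
        and not label.endswith("-")
    )


def lookup_name(author_domain: str, signer_domain: str) -> str:
    """Hypothetical query name: <sha1-base32-of-author-domain>._atps.<signer-domain>.
    The exact label layout is an assumption of this example."""
    return f"{sha1_base32_label(author_domain)}._atps.{signer_domain}"


def label_report(domain: str) -> dict:
    """Summarise the length and DNS-validity of each encoding for one domain."""
    md5_b32 = md5_base32_label(domain)
    sha1_b32 = sha1_base32_label(domain)
    md5_hex = md5_hex_label(domain)
    return {
        "md5_hex_len": len(md5_hex),
        "md5_hex_dns_ok": is_dns_label(md5_hex),
        "md5_b32_len": len(md5_b32),
        "md5_b32_padding": md5_b32.count("="),
        "md5_b32_dns_ok": is_dns_label(md5_b32),
        "sha1_b32_len": len(sha1_b32),
        "sha1_b32_padding": sha1_b32.count("="),
        "sha1_b32_dns_ok": is_dns_label(sha1_b32),
    }


if __name__ == "__main__":
    # "example.com" is a constructed input for the example.
    for key, value in label_report("example.com").items():
        print(f"{key:20} {value}")
    print(lookup_name("example.com", "signer.example"))
```

Running it shows why base32 pairs naturally with SHA1 here: 20 digest bytes encode to 32 padding-free characters drawn from A-Z and 2-7, all legal in a DNS label, whereas an MD5 digest only reaches 32 characters in hex, or in base32 with padding that would have to be stripped before the label could be published.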