In message <[email protected]>, Andrew Sullivan writes: > On Mon, Feb 22, 2010 at 11:17:59AM -0500, Matt Larson wrote: > > > I am adamantly opposed to including > > any text about SHA1 hash collisions in an NSEC3 context. > > Add me to the choir. Actually, I'm opposed to including any text > about SHA-1 hash collisions in _any_ DNSSEC context until we write the > document, "Deprecating SHA-1 hash functions for DNSSEC".
SHA256 and SHA512 have the same problem, just with different probabilities of collisions. The problem is that one is using a hash, not the strength of the hash. > A > > -- > Andrew Sullivan > [email protected] > Shinkuro, Inc. > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
