Isn’t it about time we updated DH support in DNS to not use MD5? Currently there is no FIPS-compatible DH key exchange in DNS. I suspect it would be relatively straightforward by defining a new TKEY mode which does DH w/o using MD5.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: [email protected]
