A number of people have pointed out that MD5 is a weak hash subject to
collisions. While true for general crypto operations, I'm still not convinced
that one could find two DNS-valid domains that collide; collisions are
possible, to be sure, but a collision with "example.com" is likely to contain
at least one character that's not a valid DNS character, making the collision
space even smaller than it already is.
Doug also pointed out that my performance data were wrong or at least outdated;
I had found some tests that showed MD5 was 4x faster than SHA1, but that's
actually not the case, at least not these days.
But perhaps the easiest way to solve this debate was pointed out by Barry: The
IESG would be unlikely to support a protocol with even light security
implications that uses MD5 without a lot of research into why it's the best
choice over other algorithms. So that's that. :)
So I'll switch ATPS to what TPA did and use SHA1+base32, which constrains the
encoding to 32 bytes just like MD5 and isn't that much more expensive but is
definitely more palatable.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
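The encoding choice discussed above, worked through in code. This is an added example written for this page, not code from the author, from ATPS or from TPA; it assumes the domain is lower-cased before hashing, that the RFC 4648 base32 output is lower-cased for use as a DNS label, and that the lookup name has the shape `<label>._atps.<signing-domain>` (that last shape is an assumption for illustration only). It shows why SHA-1 + base32 lands on the same 32-character label width as hex MD5: a 160-bit digest is an exact multiple of 5 bits, so base32 needs no `=` padding, and the base32 alphabet (A-Z, 2-7) is entirely DNS-label safe.

```python
import base64
import hashlib
import re

# Hostname-label syntax: letters, digits and hyphens, 1..63 characters,
# no leading or trailing hyphen.  Lower-case only, because every label
# produced below is lower-cased before it is checked.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def is_valid_dns_label(label: str) -> bool:
    """True if `label` is a syntactically valid hostname label."""
    return bool(_LABEL_RE.match(label))


def md5_hex_label(domain: str) -> str:
    """Hex-encoded MD5 of the lower-cased domain: 16 bytes -> 32 hex chars."""
    return hashlib.md5(domain.lower().encode("ascii")).hexdigest()


def sha1_base32_label(domain: str) -> str:
    """Base32-encoded SHA-1 of the lower-cased domain: 20 bytes -> 32 chars.

    160 bits is an exact multiple of 5, so RFC 4648 base32 emits exactly
    32 symbols and no '=' padding; the result is lower-cased for DNS use.
    """
    digest = hashlib.sha1(domain.lower().encode("ascii")).digest()
    label = base64.b32encode(digest).decode("ascii")
    if label.endswith("="):  # impossible for a 20-byte input; guard anyway
        raise ValueError("unexpected base32 padding")
    return label.lower()


def atps_query_name(third_party_domain: str, signing_domain: str) -> str:
    """Assumed lookup shape (an assumption, not taken from the thread):
    <sha1-base32-label>._atps.<signing-domain>."""
    return f"{sha1_base32_label(third_party_domain)}._atps.{signing_domain.lower()}"


def compare_encodings(domain: str) -> dict:
    """Side-by-side view of the old (MD5 hex) and new (SHA-1 base32) labels."""
    md5_label = md5_hex_label(domain)
    sha1_label = sha1_base32_label(domain)
    return {
        "md5_hex": md5_label,
        "sha1_base32": sha1_label,
        "md5_len": len(md5_label),
        "sha1_len": len(sha1_label),
        "md5_valid_label": is_valid_dns_label(md5_label),
        "sha1_valid_label": is_valid_dns_label(sha1_label),
    }


if __name__ == "__main__":
    # Constructed sample input, not data from the list thread.
    for d in ("example.com", "Example.COM", "example.net"):
        print(d, compare_encodings(d))
    print(atps_query_name("example.com", "signer.example"))
```

Note that `_atps` itself contains an underscore, which is fine for a DNS owner name but not for a hostname label, so the label check is applied only to the hash-derived component, not to the assembled query name.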