On Thu, 11 Mar 2010, Paul Wouters wrote: >> Is ARPA expecting everyone to upgrade to a sha256 supporting bind >> immediately? There's no migration window? > > If someone has dnssec enabled in bind including DLV, then the key will be > found and its use will be attempted. I am not sure what happens on an older > bind 9.6.1 when that happens. One will hope it will just continue to be > treated as "insecure" and not as "bogus" (aka servfail). I have not tested > this. Just for the record, 9.6.1 was patched so unknown algs go "insecure", so this is not an issue. Sorry to distract from the main focus of this discussion with a bad example. Paul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
