Re: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

On Fri, 15 Feb 2019, Mats Dufberg wrote:

> The table in section 3.3 ("DS and CDS Algorithms") of the draft states that SHA-1 is "MUST NOT" for "DNSSEC Delegation" but in the narrative text under the table it states "SHA-1 [...] is NOT RECOMMENDED for use in generating new DS and CDS records."
>
> The two statements should be consistent in the final RFC.

Done, thanks for spotting that.

https://tools.ietf.org/rfcdiff?url2=draft-ietf-dnsop-algorithm-update-06.txt

    SHA-1 is still in wide use for DS records, so validators MUST
-   implement validation, but it is NOT RECOMMENDED for use in generating
-   new DS and CDS records.  (See Operational Considerations for caveats
-   when upgrading from SHA-1 to SHA-256 DS Algorithm.)
+   implement validation, but it MUST NOT be used to generate new DS and
+   CDS records.  (See Operational Considerations for caveats when
+   upgrading from SHA-1 to SHA-256 DS Algorithm.)
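
Review bot: "new" in the added "MUST NOT be used to generate new DS and CDS records" is left undefined, and at MUST NOT strength that matters more than it did under NOT RECOMMENDED. The context line says SHA-1 is still in wide use for DS records, so the text should state whether re-publishing or re-submitting an existing SHA-1 DS for an unchanged key counts as generating a new record, or whether the prohibition covers only DS and CDS records for newly introduced keys. A short clarifying clause here, or an explicit pointer to the paragraph in Operational Considerations that covers it, would let operators with deployed SHA-1 DS records tell when they become non-compliant.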

Paul



