Re: DS Algorithm selection and SHA1 deprecation
>>>>> On Tue, 6 Dec 2005 18:00:31 -0800 (PST), "william(at)elan.net" <william@elan.net> said:
>> Validator implementations MUST be able to ignore DS RRs containing
>> SHA-1 digests when a DS RR record exists with a SHA-256 digest and
>> covers the same name.
william> Is this a glass-half-full<=>glass-half-empty kind of change?
Yes. It's almost entirely wording nits that people have been talking
about, not about the concepts underneath.
william> I really don't see a difference between these two paragraphs as far
william> as how implementation would work...
There isn't any. Mark was stating that the wording wasn't clear in
his mind. It obviously was in yours if you read it the same way both
times. :-)
william> Also is "MUST be able to" intentional (i.e. instead of just "MUST")?
Yes. Because it doesn't mandate policy, it only mandates that it must
be possible to ignore SHA-1 in the presence of SHA-256 but allows for
implementations to accept operator configuration that requires other policy.
--
Wes Hardaker
Sparta, Inc.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
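
The "MUST be able to" behaviour discussed in this message, sketched as an added example that is not part of the original email or of any validator's code: SHA-1 DS records are dropped for an owner name only when a SHA-256 DS exists for that name, and an operator switch can turn that off. The names `DS`, `usable_ds` and `ignore_sha1_when_sha256` are hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

# DS digest type numbers from the IANA registry.
SHA1, SHA256 = 1, 2


@dataclass(frozen=True)
class DS:
    owner: str        # owner name of the DS RR (the delegated zone)
    key_tag: int
    algorithm: int    # DNSKEY algorithm number
    digest_type: int  # 1 = SHA-1, 2 = SHA-256
    digest_hex: str


def _norm(name: str) -> str:
    """DNS names compare case-insensitively; ignore the trailing dot."""
    return name.lower().rstrip(".")


def usable_ds(rrset, ignore_sha1_when_sha256=True):
    """Return the DS records the validator should consider.

    With the flag set, a SHA-1 DS is ignored whenever a SHA-256 DS
    exists for the same owner name. Names that only publish SHA-1 are
    left untouched. With the flag cleared (operator policy), every
    record is kept, which the "MUST be able to" wording permits.
    """
    if not ignore_sha1_when_sha256:
        return list(rrset)
    has_sha256 = {_norm(ds.owner) for ds in rrset if ds.digest_type == SHA256}
    return [
        ds for ds in rrset
        if not (ds.digest_type == SHA1 and _norm(ds.owner) in has_sha256)
    ]


# Constructed sample data: digests are placeholders, not real hashes.
SAMPLE = [
    DS("example.", 12345, 5, SHA1, "aa" * 20),
    DS("Example.", 12345, 5, SHA256, "bb" * 32),
    DS("legacy.example.", 54321, 5, SHA1, "cc" * 20),
]

if __name__ == "__main__":
    for ds in usable_ds(SAMPLE):
        print(ds.owner, ds.digest_type)
```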