[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DS Algorithm selection and SHA1 deprecation

To: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: DS Algorithm selection and SHA1 deprecation
From: Wes Hardaker <hardaker@tislabs.com>
Date: Wed, 07 Dec 2005 11:10:02 -0800
Cc: namedroppers@ops.ietf.org
In-reply-to: <200512070750.jB77oCoE059220@drugs.dv.isc.org> (Mark Andrews's message of "Wed, 07 Dec 2005 18:50:12 +1100")
Organization: Sparta
References: <200512070750.jB77oCoE059220@drugs.dv.isc.org>
User-agent: Gnus/5.110003 (No Gnus v0.3) XEmacs/21.4 (Jumbo Shrimp, linux)

>>>>> On Wed, 07 Dec 2005 18:50:12 +1100, Mark Andrews <Mark_Andrews@isc.org> said:

>> Because zone administrators can not control the deployment support of
>> SHA-256 in deployed validators that may referencing any given zone,
>> deployments should consider publishing both SHA-1 and SHA-256 based DS
>> records.  This should be done for every DNSKEY for which a DS records
>> are being generated.  Whether to make use of both digest types and for
>> how long is a policy decision that extends beyond the scope of this
>> document.

Mark> I'm fine with this wording.

Changed.  Thanks (to both you and Andrew)

-- 
Wes Hardaker
Sparta, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Mark Andrews <Mark_Andrews@isc.org>

Prev by Date: Re: DS Algorithm selection and SHA1 deprecation
Next by Date: Re: DS Algorithm selection and SHA1 deprecation
Previous by thread: Re: DS Algorithm selection and SHA1 deprecation
Next by thread: Re: DS Algorithm selection and SHA1 deprecation
Index(es):
- Date
- Thread