DS Algorithm selection and SHA1 deprecation (Was: Re: Review of draft-ietf-dnsext-ds-sha256-01.txt)
At 13:40 06/12/2005, Mike StJohns wrote:
> BUT (and feel free to send me off to the corner if this was
> discussed prior), wouldn't it have made sense to either do the other
> two SHA standards (SHA384 and SHA512) at the same time in the same
> document, or either as different algorithm types or having the
> subtypes encoded in the digest field?
>
> Two nits
> - [SHA256] should probably just be [SHA] as it covers 1, 256, 384 and 512.
> - Should SHA1 be deprecated with the publication of this document?

Mike,
This proposal is made based on guidance from our Security AD, Russ Housley.
Specify SHA256 now and revisit the issue once NIST has issued guidance
on use of SHA-xxx or defined a new standard digest algorithm.
That effort is expected to take about 4 years.
Any guidance from WG members saying they prefer a stronger digest
than SHA256, speak up now.
As for deprecating SHA1 right now, this is something the editor
is looking for guidance on what the document should say.
Olafur
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>