Re: DS Algorithm selection and SHA1 deprecation
>>>>> On Tue, 6 Dec 2005 15:23:38 -0500, Andrew Sullivan <andrew@ca.afilias.info> said:
>> Is SHA-1 better than no understandable DS
>> records? (That's the question an operator of a
>> resolver needs to ask themself.)
Andrew> That was exactly my worry when I read the previous draft, and
Andrew> I think this one has enough wiggle room in it to allow the
Andrew> operator to make the right choice (yet still suggests really
Andrew> strongly that SHA-1 is on the whole probably better to leave
Andrew> behind).
Which was precisely the goal of the current text: make sure operators
can select a secure solution but not mandate that they do so.
Capability is required, forced policy is not.
--
Wes Hardaker
Sparta, Inc.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>