[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DS Algorithm selection and SHA1 deprecation
>>>>> On Wed, 07 Dec 2005 08:44:51 +1100, Mark Andrews <Mark_Andrews@isc.org> said:
Mark> For what it is worth, in implementing this draft, I found the
Mark> word "prefer" to be very poorly defined. So much so the code
Mark> needed to be commented to make the intent clear.
How about changing:
Validator implementations MUST be able to prefer DS records
containing SHA-256 digests over those containing SHA-1 digests.
to:
Validator implementations MUST be able to ignore DS RRs containing
SHA-1 digests when a DS RR record exists with a SHA-256 digest and
covers the same name.
??
Mark> At this stage I have no intention of implementing the MAY.
Such is the beauty or ugliness of a MAY depending on your
prospective.
--
Wes Hardaker
Sparta, Inc.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>