Re: DS Algorithm selection and SHA1 deprecation
> >>>>> On Wed, 07 Dec 2005 08:44:51 +1100, Mark Andrews <Mark_Andrews@isc.org> said:
>
> Mark> For what it is worth, in implementing this draft, I found the
> Mark> word "prefer" to be very poorly defined. So much so the code
> Mark> needed to be commented to make the intent clear.
>
> How about changing:
>
> Validator implementations MUST be able to prefer DS records
> containing SHA-256 digests over those containing SHA-1 digests.
>
> to:
>
> Validator implementations MUST be able to ignore DS RRs containing
> SHA-1 digests when a DS RR record exists with a SHA-256 digest and
> covers the same name.
Validator implementations MUST, by default, ignore DS RRs containing
SHA-1 digests if DS RRs with SHA-256 digests are present in the
DS RRset.
> ??
>
> Mark> At this stage I have no intention of implementing the MAY.
>
> Such is the beauty or ugliness of a MAY depending on your
> perspective.
>
> --
> Wes Hardaker
> Sparta, Inc.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
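
The selection rule in the reply's proposed wording, as an added example (not code from this thread or from any validator implementation). The names `parse_ds` and `usable_ds`, the flag `ignore_sha1_by_default`, and the sample records are constructed for illustration; the check is applied across the whole DS RRset, so a SHA-1-only DS for a second key is also ignored once any SHA-256 DS is present.

```python
from typing import NamedTuple

SHA1, SHA256 = 1, 2                    # DS digest type codes
DIGEST_LEN = {SHA1: 20, SHA256: 32}    # digest sizes in bytes

class DS(NamedTuple):
    owner: str
    key_tag: int
    algorithm: int
    digest_type: int
    digest: str

def parse_ds(line: str) -> DS:
    """Parse 'owner TTL IN DS keytag algorithm digesttype hexdigest'."""
    f = line.split()
    if len(f) < 8 or f[2].upper() != "IN" or f[3].upper() != "DS":
        raise ValueError(f"not a DS RR: {line!r}")
    digest = "".join(f[7:]).lower()
    raw = bytes.fromhex(digest)        # raises ValueError on non-hex input
    dtype = int(f[6])
    if dtype in DIGEST_LEN and len(raw) != DIGEST_LEN[dtype]:
        raise ValueError(f"wrong digest length for type {dtype}")
    return DS(f[0].lower(), int(f[4]), int(f[5]), dtype, digest)

def usable_ds(rrset, ignore_sha1_by_default=True):
    """Return the DS RRs a validator should consider for this RRset."""
    if len({ds.owner for ds in rrset}) > 1:
        raise ValueError("records do not form a single DS RRset")
    has_sha256 = any(ds.digest_type == SHA256 for ds in rrset)
    if ignore_sha1_by_default and has_sha256:
        # RRset-wide rule: drop every SHA-1 DS, whatever key it refers to.
        return [ds for ds in rrset if ds.digest_type != SHA1]
    # No SHA-256 DS present (or the default was overridden): keep everything.
    return list(rrset)

# Constructed sample data: key 12345 has both digests, key 54321 only SHA-1.
A, B = "aa" * 20, "bb" * 32
MIXED = [parse_ds(f"example.com. 3600 IN DS 12345 5 1 {A}"),
         parse_ds(f"example.com. 3600 IN DS 12345 5 2 {B}"),
         parse_ds(f"example.com. 3600 IN DS 54321 5 1 {A}")]
SHA1_ONLY = [MIXED[0], MIXED[2]]

if __name__ == "__main__":
    for name, rrset in (("mixed", MIXED), ("sha1-only", SHA1_ONLY)):
        kept = usable_ds(rrset)
        print(name, [(d.key_tag, d.digest_type) for d in kept])
```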