
Re: DS Algorithm selection and SHA1 deprecation




On Tue, 6 Dec 2005, Wes Hardaker wrote:

On Wed, 07 Dec 2005 08:44:51 +1100, Mark Andrews <Mark_Andrews@isc.org> said:

Mark> For what it is worth, in implementing this draft, I found the
Mark> word "prefer" to be very poorly defined.  So much so the code
Mark> needed to be commented to make the intent clear.

How about changing:

  Validator implementations MUST be able to prefer DS records
  containing SHA-256 digests over those containing SHA-1 digests.

to:

  Validator implementations MUST be able to ignore DS RRs containing
  SHA-1 digests when a DS RR record exists with a SHA-256 digest and
  covers the same name.

Is this a glass-half-full<=>glass-half-empty kind of change?

I really don't see a difference between these two paragraphs as far
as how implementation would work...

Also is "MUST be able to" intentional (i.e. instead of just "MUST")?

--
William Leibzon
Elan Networks
william@elan.net
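
The reworded sentence quoted in this message, written out as a validator-side filter. This is an added example, not code from the draft or from any poster in the thread. The names `parse_ds` and `usable_ds`, the `ignore_sha1_when_sha256` switch (one possible reading of "MUST be able to", assumed here) and the sample records are all hypothetical; digest types 1 and 2 are the registered numbers for SHA-1 and SHA-256.

```python
from collections import defaultdict
from typing import NamedTuple

SHA1, SHA256 = 1, 2  # DS digest type numbers for SHA-1 and SHA-256

class DS(NamedTuple):
    owner: str
    key_tag: int
    algorithm: int
    digest_type: int
    digest: str

def parse_ds(line: str) -> DS:
    """Parse 'owner TTL IN DS keytag alg digesttype digest...' (presentation format)."""
    f = line.split()
    if len(f) < 8 or f[3].upper() != "DS":
        raise ValueError(f"not a DS record: {line!r}")
    # DNS names compare case-insensitively; a digest may be split by spaces.
    return DS(f[0].lower(), int(f[4]), int(f[5]), int(f[6]), "".join(f[7:]).upper())

def usable_ds(records, ignore_sha1_when_sha256=True):
    """Return the DS records a validator would go on to match against DNSKEYs.

    Switch on: SHA-1 DS RRs are dropped at every owner name that also has
    at least one SHA-256 DS RR. Switch off: every record is kept.
    (The switch itself is an assumption of this example.)
    """
    by_owner = defaultdict(list)
    for ds in records:
        by_owner[ds.owner].append(ds)
    kept = []
    for owner_records in by_owner.values():
        has_sha256 = any(r.digest_type == SHA256 for r in owner_records)
        for r in owner_records:
            if ignore_sha1_when_sha256 and has_sha256 and r.digest_type == SHA1:
                continue  # SHA-1 digest ignored: a SHA-256 DS covers this name
            kept.append(r)
    return kept

# Constructed sample records: placeholder digests, not hashes of real keys.
SAMPLE = [parse_ds(line) for line in (
    "example.com. 3600 IN DS 11111 5 1 " + "AA" * 20,
    "Example.COM. 3600 IN DS 11111 5 2 " + "BB" * 32,
    "example.com. 3600 IN DS 22222 5 1 " + "CC" * 20,     # key 22222: SHA-1 only
    "legacy.example. 3600 IN DS 33333 5 1 " + "DD" * 20,  # no SHA-256 at this name
)]
```

Because the rule is keyed on the owner name, the SHA-1-only DS for key tag 22222 is dropped along with the other SHA-1 record at `example.com.`, while `legacy.example.` keeps its SHA-1 DS since no SHA-256 DS exists there.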
