[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DS Algorithm selection and SHA1 deprecation

To: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: DS Algorithm selection and SHA1 deprecation
From: Wes Hardaker <hardaker@tislabs.com>
Date: Tue, 06 Dec 2005 20:30:19 -0800
Cc: namedroppers@ops.ietf.org
In-reply-to: <200512062325.jB6NPfp8010533@drugs.dv.isc.org> (Mark Andrews's message of "Wed, 07 Dec 2005 10:25:41 +1100")
Organization: Sparta
References: <200512062325.jB6NPfp8010533@drugs.dv.isc.org>
User-agent: Gnus/5.110003 (No Gnus v0.3) XEmacs/21.4 (Jumbo Shrimp, linux)

>>>>> On Wed, 07 Dec 2005 10:25:41 +1100, Mark Andrews <Mark_Andrews@isc.org> said:

>> Validator implementations MUST be able to ignore DS RRs containing
>> SHA-1 digests when a DS RR record exists with a SHA-256 digest and
>> covers the same name.

Mark> Validator implementations MUST, by default, ignore DS RRs containing
Mark> SHA-1 digests if DS RRs with SHA-256 digests are present in the
Mark> DS RRset.

I'm fine with that wording but it does change the default requirement
to a MUST from a SHOULD (you've combined two previous requirements (1
MUST and 1 SHOULD) into a single sentence).

I actually think it should be a MUST but my feeling before was that
not everyone would likely agree.  If there are no objections to your
wording, however, I'll use that.

-- 
Wes Hardaker
Sparta, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Mark Andrews <Mark_Andrews@isc.org>

Prev by Date: Re: DS Algorithm selection and SHA1 deprecation
Next by Date: Re: DS Algorithm selection and SHA1 deprecation
Previous by thread: Re: DS Algorithm selection and SHA1 deprecation
Next by thread: Re: DS Algorithm selection and SHA1 deprecation
Index(es):
- Date
- Thread