
Re: DS Algorithm selection and SHA1 deprecation



> >>>>> On Wed, 07 Dec 2005 15:59:22 +1100, Mark Andrews <Mark_Andrews@isc.org> said:
> 
> >> Because zone administrators can not control the deployment support
> >> of SHA-256 in deployed validators that may be referencing any given
> >> zone, deployments should consider publishing both SHA-1 and SHA-256
> >> based DS records for a while.  If multiple algorithms are used for a
> >> given name then both SHA-1 and SHA-256 based DS records should be
> >> published for every algorithm.  Whether to make use of both digest
> >> types and for how long is a policy decision that extends beyond the
> >> scope of this document.
> 
> Mark> I'd still prefer the following change
> 
> Mark> s/algorithm/algorithm and preferably for every DNSKEY for which a DS is being generated/
> 
> Ok, but that's actually sort of stating the same thing again.  Can't
> we simplify things and just use your last wording without mentioning
> algorithms?
> 
>   Because zone administrators can not control the deployment support of
>   SHA-256 in deployed validators that may be referencing any given zone,
>   deployments should consider publishing both SHA-1 and SHA-256 based DS
>   records.  This should be done for every DNSKEY for which DS records
>   are being generated.  Whether to make use of both digest types and for
>   how long is a policy decision that extends beyond the scope of this
>   document.

	I'm fine with this wording.

> -- 
> Wes Hardaker
> Sparta, Inc.
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
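The practice the thread converges on, one SHA-1 and one SHA-256 DS record for every DNSKEY, as an added illustration that is not part of the list discussion or of any ISC or IETF code: the DS digest is hash(canonical owner name | DNSKEY RDATA) per RFC 4034 section 5.1.4 and RFC 4509, and the key tag follows RFC 4034 Appendix B. The owner name, flags and public key bytes below are constructed sample values, not a real zone's key.

```python
import base64
import hashlib
from typing import List

# DS digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B, non-RSA/MD5 form)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_records(owner: str, flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> List[str]:
    """One DS record in presentation format per digest type, for a single DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, base64.b64decode(pubkey_b64))
    tag = key_tag(rdata)
    digest_input = name_to_wire(owner) + rdata  # owner name in canonical form, then RDATA
    return [
        f"{owner} IN DS {tag} {algorithm} {dtype} {h(digest_input).hexdigest().upper()}"
        for dtype, h in sorted(DIGEST_ALGS.items())
    ]


if __name__ == "__main__":
    # Constructed sample: KSK flags (257), protocol 3, algorithm 5 (RSA/SHA-1), 4-byte dummy key.
    for rr in ds_records("example.com.", 257, 3, 5, "AQIDBA=="):
        print(rr)
```

A validator that only understands digest type 1 ignores the type 2 record and still validates; one that supports both prefers the stronger digest, which is why publishing both per DNSKEY avoids a flag day.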