[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DS Algorithm selection and SHA1 deprecation

To: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: DS Algorithm selection and SHA1 deprecation
From: Alex Bligh <alex@alex.org.uk>
Date: Thu, 08 Dec 2005 13:37:16 +0000
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, Mark Andrews <Mark_Andrews@isc.org>, Wes Hardaker <hardaker@tislabs.com>, namedroppers@ops.ietf.org, Alex Bligh <alex@alex.org.uk>
In-reply-to: <a06200708bfbcc8aaea2c@[10.31.32.108]>
References: <200512071143.jB7BhhCh059845@drugs.dv.isc.org> <a06200700bfbc942a1896@[192.168.1.100]> <58C20D2039EB7F2C359E9719@[192.168.100.25]> <a06200708bfbcc8aaea2c@[10.31.32.108]>
Reply-to: Alex Bligh <alex@alex.org.uk>

I guess my point is that provided validators continue accepting SHA1,
authoritative servers using SHA256 are still vulnerable to attack, by
spoofing SHA1 records if SHA-1 is broken. IE the operator will be helped
not be using SHA-256, but by the validator not accepting SHA-1. I


(problem - "be" should be "by?")


Yes


Alex

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Mark Andrews <Mark_Andrews@isc.org>
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Edward Lewis <Ed.Lewis@neustar.biz>
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Alex Bligh <alex@alex.org.uk>
- Re: DS Algorithm selection and SHA1 deprecation
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

Prev by Date: Re: [Mip6] Re: RFC2136 and IP address ownership
Next by Date: Re: DS Algorithm selection and SHA1 deprecation
Previous by thread: Re: DS Algorithm selection and SHA1 deprecation
Next by thread: Re: DS Algorithm selection and SHA1 deprecation
Index(es):
- Date
- Thread