> -----Original Message----- > From: dane [mailto:[email protected]] On Behalf Of Mark Andrews > Sent: Tuesday, March 18, 2014 4:27 AM > To: [email protected] > Subject: Re: [dane] Digest Algorithm Agility discussion > > > This whole argument of weakest vs strongest was had years ago in DNSSEC and > quite frankly is a waste of time trying to pick the strongest as you are often > comparing apples and oranges. > > DNSSEC validators just have a way to say "we no longer trust this algorithm" > and once that is set all records with that algorithm are ignored when doing > validation regardless of whether there is code to support that algorithm or > not. > > DANE implementations need a way to do the same for matching type. > > Stop trying to over engineer this.
+1 - At any given time this is a binary choice. The hash algorithm either is or is not acceptable. Jim > > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] > > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
