I admit feedback from the DNS community were mostly negative or indifferent. Because the cause of this breakage is already merged and prepared for release, it would have to be reverted.
We have no feedback from our customers on this topic yet, because already released RHEL 9 Beta did not contain the responsible change. Final RHEL 9.0 haven't been released yet. I am trying to receive feedback how critical this change can be. What types of deployments can it affect or even break? I think SMTP services using DANE might be hit by this change. I don't have any numbers how many our customers need SHA-1 domains secure. I would like to receive any opinions here. Ideally backed by some numbers. On 4/13/22 20:35, Paul Hoffman wrote: > To date, have any of your customers or anyone in the DNS community, supported > your choice of how to implement this? If not, or if only a trivial number > have, does that affect your decision on how to implement this? This decision were not made by me and I had no vote for it before it was done. I try to reduce negative impact of it. But probability of reverting that change just because DNSSEC validators not prepared for it is low. Unless it has dramatic negative impact which I haven't found so far. > > --Paul Hoffman -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: [email protected] PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
