On Tue, Nov 15, 2016 at 12:22:18AM +0100, Ondřej Surý wrote:
> a new version of EDDSA for DNSSEC has been posted
> that resolves most if not all comments received
> during WGLC in curdle. This is one last chance
> to review the document, so don't miss it! :)

My only comment is that I very much hope that the code-point
assignments for the new curves are accompanied by a deprecation of
at least as many obsolete algorithms that should no longer be used.

Specifically, I'd like to see deprecation of algorithms:

* 3 (DSA/SHA1)
* 5 (RSA/SHA-1, same as 7 but without possibility of NSEC3)
* 6 (DSA-NSEC3-SHA1, same as 3 with perhaps NSEC3, but both need to go)
* 12 (GOST R 34.10-2001,
  except as required to meet any local regulations).

If, while adding two new algorithms, we in parallel deprecate four
old ones, then we're making progress.

--
Viktor.
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop