Re: [DNSOP] Last Call: (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

Sun, 17 Feb 2019 11:47:36 -0800 

The table in section 3.3 ("DS and CDS Algorithms") of the draft states that 
SHA-1 is "MUST NOT" for "DNSSEC Delegation" but in the narrative text under the 
table it states "SHA-1 [...] is NOT RECOMMENDED for use in generating new DS 
and CDS records."

The two statements should be consistent in the final RFC.


Yours,
Mats

---
Mats Dufberg
DNS Specialist, IIS
Mobile: +46 73 065 3899
https://www.iis.se/en/
 

-----Original Message-----
From: DNSOP <[email protected]> on behalf of The IESG 
<[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Wednesday, 13 February 2019 at 20:30
To: IETF-Announce <[email protected]>
Cc: Tim Wicinski <[email protected]>, 
"[email protected]" 
<[email protected]>, "[email protected]" 
<[email protected]>, "[email protected]" <[email protected]>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> 
(Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to 
Proposed Standard

    
    The IESG has received a request from the Domain Name System Operations WG
    (dnsop) to consider the following document: - 'Algorithm Implementation
    Requirements and Usage Guidance for DNSSEC'
      <draft-ietf-dnsop-algorithm-update-05.txt> as Proposed Standard
    
    The IESG plans to make a decision in the next few weeks, and solicits final
    comments on this action. Please send substantive comments to the
    [email protected] mailing lists by 2019-02-27. Exceptionally, comments may be
    sent to [email protected] instead. In either case, please retain the beginning 
of
    the Subject line to allow automated sorting.
    
    Abstract
    
    
       The DNSSEC protocol makes use of various cryptographic algorithms in
       order to provide authentication of DNS data and proof of non-
       existence.  To ensure interoperability between DNS resolvers and DNS
       authoritative servers, it is necessary to specify a set of algorithm
       implementation requirements and usage guidelines to ensure that there
       is at least one algorithm that all implementations support.  This
       document defines the current algorithm implementation requirements
       and usage guidance for DNSSEC.  This document obsoletes [RFC6944].
    
    
    
    
    The file can be obtained via
    https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/
    
    IESG discussion can be tracked via
    https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/ballot/
    
    
    No IPR declarations have been submitted directly on this I-D.
    
    
    
    
    _______________________________________________
    DNSOP mailing list
    [email protected]
    https://www.ietf.org/mailman/listinfo/dnsop
    

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to