I've posted a follow-up to my article last month about SHA-1 chosen prefix collisions and DNSSEC. This discusses DNSSEC validation:
https://www.dns.cam.ac.uk/news/2020-02-14-sha-mbles.html Summary: DNSSEC validators should continue to treat SHA-1 signatures as secure until DNSSEC signers have had enough time to perform algorithm rollovers and eliminate SHA-1 from the vast majority of signed zones. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Viking, North Utsire, South Utsire, Forties, Cromarty: Southerly 6 to gale 8, occasionally severe gale 9 except in South Utsire, veering southwesterly 4 to 6 for a time. Rough or very rough, occasionally moderate. Rain or showers. Good, occasionally poor. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
