On Mon, Aug 15, 2022 at 09:29:28AM -0400, Paul Wouters wrote:
> I think our decision should be based on the deployment statistics of SHA1
> based zones and keys. I'd love to see the trending statistics from
> Viktor to guide us here. Last time we looked it was still in the order
> of 40% or so?
>
> We need to be in the tail-end before we change validation recommendations
> for SHA1 from MUST to SHOULD or MAY or MUST NOT.
Amongst TLDs there are still a few that use algorithm 5 or 7, and aren't
already in the middle of an algorithm rollover to 8, 10, 13 or 14:

 alg | TLD
-----+-------------------
   7 | am
   7 | apple
   7 | beats
   7 | case
   7 | int
   7 | la
   7 | monster
   7 | samsung
   7 | storage
   7 | xn--cg4bki
   7 | xn--mgbai9azgqp6j
   7 | xn--q7ce6a
   7 | xn--y9a3aq
   5 | audio
   5 | auto
   5 | car
   5 | cars
   5 | christmas
   5 | diet
   5 | flowers
   5 | game
   5 | guitars
   5 | hosting
   5 | kg
   5 | lk
   5 | lol
   5 | mom
   5 | na
   5 | pics
   5 | xn--l1acc

Mostly smallish gTLDs, for which the total and signed delegation
counts, respectively, are:

    TLD          total  signed
    ---          -----  ------
    monster      88660     240
    lol          32123     473
    pics         16895     142
    mom           8219     315
    audio         5171     290
    game          4180      78
    hosting       2899     153
    christmas     1400      63
    diet          1299      36
    flowers       1135      53
    guitars        772      15
    storage        560      15
    auto           470       5
    car            320       6
    cars           296       5
    apple           31       1
    samsung          4       0
    beats            2       1
    xn--cg4bki       2       0
    case             1       1

I don't have authoritative counts for the ccTLDs above, but these will
also be low.
--
Viktor.