On Mon, 15 Aug 2022, Viktor Dukhovni wrote:
Presently, out of 18,975,098 working signed delegations:
* 136,295 zones use RSASHA1-NSEC3-SHA1 (7).
* 21,254 zones use RSASHA1 (5).
So the number of eTLD+1 zones that rely on SHA-1 RRSIGs is a fairly
stable ~0.8%, and a stronger nudge would be needed for the remaining
holdouts to perform algorithm rollovers.
Oh ! This is great news!
I drop my objection to changing SHA1 status :)
The holdouts include, for example:
- ietf.org
- irtf.org
I have raised this a number of times, I'll raise it again in light of
the current draft on the next IESG meeting.
Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
