In your letter dated Thu, 2 May 2024 09:58:43 +0200 you wrote:
>Right. Their policy may be "it's compliant and it works, so why roll?". It'll
>be easier to push those SHA-1 signers to switch if one can tell them "look,
>now you're not compliant anymore".

So basically we need a BCP: operators of zones MUST NOT sign their zones with algorithms 5 and 7. If they currently do, they need to move away from those algorithms as quickly as possible.

To me, that would sound better than trying to break protocols to get people to move.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop