On 11/13/24 19:55, Philip Homburg wrote:
See our I-D on lifecycle. It addresses this issue squarely.The problem is that RedHat went ahead and disabled support for SHASHA1 (in the default configuration). That results in systems that violate the current DNSSEC standards.
Yes. Given that current RFCs knowingly aren't/weren't followed, I see little reason to assume that a new one (on lifecycles) would have any effect to stop/prevent that. (And those who follow the current RFCs don't need the lifecycle document, because they are already compliant.) Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
