[DNSOP] Re: I-D Action: draft-ietf-dnsop-must-not-sha1-07.txt

Ondřej Surý Wed, 21 May 2025 09:04:21 -0700

This still speaks only about RSASHA-1 and RSASHA1-NSEC3-SHA1 and it doesn’t address SHA-1 algorithm for DS.

The Section 5 modifies both tables.

Ondrej

Ondřej Surý (He/Him)

On 21. 5. 2025, at 16:57, Tim Wicinski <[email protected]> wrote:

Wes/Warren

I made a stab at aligning section 2 of must-not-sha1 with section 2 of must-not-gost.

https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-must-not-sha1/pull/11

If this is useful

tim

On Wed, May 21, 2025 at 9:49 AM Ondřej Surý <[email protected]> wrote:
Oh, absolutely, great idea. Consistency is great.

Ondrej
--
Ondřej Surý (He/Him)

On 21. 5. 2025, at 15:47, Tim Wicinski <[email protected]> wrote:

wearing no hats

Ondrej

On Wed, May 21, 2025 at 7:35 AM Ondřej Surý <[email protected]> wrote:
Hi Wes and Warren,

while this is not crucial for the draft to progress, but since you are making
changes to it, it might be worthwhile to raise this now rather than later.

The Section 2 mentions DNSKEY and RRSIGs, but there's no mention of SHA-1
in DS until "Section 5 IANA Considerations".

Another idea is to make Section 2 of must-not-sha1 similar to Section 2 of must-not-gost.
They are almost identical in nature except for the missing DS record in must-not-sha1.

I would think the consistency would be useful to the various readers, and good examples in the future, but I can always be mistaken.

tim

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[DNSOP] Re: I-D Action: draft-ietf-dnsop-must-not-sha1-07.txt

Reply via email to