The IESG has approved the following document: - 'Deprecating the use of SHA-1 in DNSSEC signature algorithms' (draft-ietf-dnsop-must-not-sha1-09.txt) as Proposed Standard
This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Mahesh Jethanandani, Éric Vyncke and Mohamed Boucadair. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-sha1/ Technical Summary This document deprecates the use of the RSASHA1 and RSASHA1-NSEC3-SHA1 algorithms for the creation of DNSKEY and RRSIG records. It updates RFC4034 and RFC5155 as it deprecates the use of these algorithms. Working Group Summary From the shepherd's write-up: "WG consensus was solid." Document Quality Also from the shepherd's write-up: "This document is a "cleanup" document which retires a DNSSEC algorithm from use. It is clear and understandable." Moreover, the responsible AD has checked whether all valuable comments received during the IETF Last Call were addressed. Personnel The Document Shepherd for this document is Tim Wicinski. The Responsible Area Director is Éric Vyncke. IANA Note Existing entries are updated. RFC Editor Note RFC Editor Note When allocating RFC numbers for this I-D and for the related DNS drafts, please use three consecutive RFC numbers starting with draft-ietf-dnsop-rfc8624-bis, then draft-ietf-dnsop-must-not-sha1, then draft-ietf-dnsop-must-not-ecc-gost. Thanks -éric _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
