Hi Ondrej,

On 10/04/17 15:18, Ondřej Surý wrote:
> Perhaps this could be added to things controlled by:
>
> harden-algo-downgrade: yes/no?
>
> I don't think there's any security risk from using SHA1 for DS record
> verification even if SHA-2 is available.

I never analysed the implications, but just implemented the RFC. That is why I am surprised by this. And I think you are right and that stuff can be controlled by the same switch. More leniency and strictness choice.

Best regards, Wouter

>
> Ultimately, it's your call and decision.
>
> Cheers,
>
