Good to know. Will attach a task to the next our next KSK roll process. Should halve the number of SHA1 DS's in the root.
Will also tweak some of our other DNSSEC process documentation to stop providing them. Stuart On 11/2/21, 6:49 pm, "bind-users on behalf of Ondřej Surý" <bind-users-boun...@lists.isc.org on behalf of ond...@isc.org> wrote: Notice: This email is from an external sender. > On 11. 2. 2021, at 7:01, Stuart@registry.godaddy wrote: > > It's one of those old compatibility things. Also called *downgrade attack vector*. Stuart, there’s absolutely no reason to keep any SHA1 in the DNS at the time I am writing this message. Cheers, Ondrej -- Ondřej Surý (He/Him) ond...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users