Good to know.

Will attach a task to the next our next KSK roll process. Should halve the 
number of SHA1 DS's in the root.

Will also tweak some of our other DNSSEC process documentation to stop 
providing them.

Stuart

On 11/2/21, 6:49 pm, "bind-users on behalf of Ondřej Surý" 
<bind-users-boun...@lists.isc.org on behalf of ond...@isc.org> wrote:

    Notice: This email is from an external sender.



    > On 11. 2. 2021, at 7:01, Stuart@registry.godaddy wrote:
    >
    > It's one of those old compatibility things.

    Also called *downgrade attack vector*.

    Stuart, there’s absolutely no reason to keep any SHA1 in the DNS at the 
time I am writing this message.

    Cheers,
    Ondrej
    --
    Ondřej Surý (He/Him)
    ond...@isc.org



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to