Good to know.
Will attach a task to the next our next KSK roll process. Should halve the
number of SHA1 DS's in the root.
Will also tweak some of our other DNSSEC process documentation to stop
providing them.
Stuart
On 11/2/21, 6:49 pm, "bind-users on behalf of Ondřej Surý"
<bind-users-boun...@lists.isc.org on behalf of ond...@isc.org> wrote:
Notice: This email is from an external sender.
> On 11. 2. 2021, at 7:01, Stuart@registry.godaddy wrote:
>
> It's one of those old compatibility things.
Also called *downgrade attack vector*.
Stuart, there’s absolutely no reason to keep any SHA1 in the DNS at the
time I am writing this message.
Cheers,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
