Thanks! That was the response I was looking for. Much appreciated!

--
Ondřej Surý (He/Him)
ond...@isc.org

> On 11. 2. 2021, at 9:03, stuart@registry.godaddy wrote:
> 
> Good to know.
> 
> Will attach a task to the next our next KSK roll process. Should halve the 
> number of SHA1 DS's in the root.
> 
> Will also tweak some of our other DNSSEC process documentation to stop 
> providing them.
> 
> Stuart
> 
> On 11/2/21, 6:49 pm, "bind-users on behalf of Ondřej Surý" 
> <bind-users-boun...@lists.isc.org on behalf of ond...@isc.org> wrote:
> 
>    Notice: This email is from an external sender.
> 
> 
> 
>> On 11. 2. 2021, at 7:01, Stuart@registry.godaddy wrote:
>> 
>> It's one of those old compatibility things.
> 
>    Also called *downgrade attack vector*.
> 
>    Stuart, there’s absolutely no reason to keep any SHA1 in the DNS at the 
> time I am writing this message.
> 
>    Cheers,
>    Ondrej
>    --
>    Ondřej Surý (He/Him)
>    ond...@isc.org
> 
> 
> 

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to