In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512 (code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing. The argument is that it is not currently heavily used, but I am afraid that is not a very good argument. I have a question for the cryptographers on the list: as far as I know there is a relationship between the RSA key size and the output length of the hash algorithm. So perhaps we should not plan to move RSASHA512 to MAY (or worse, to MUST NOT) as the SHOULD- means, i.e., put a SHOULD (vs SHOULD-) for RSASHA512? Note that by the time the I-D is published and applicable we will likely have a clearer view of this issue (:-)!
Regards

francis.dup...@fdupont.fr