Greetings DNSOP,

AFAICT there was no feedback received after this most recent version of the ZONEMD draft was posted. As I mentioned before, there was one pretty significant change in that version:

> The most significant change is that multiple ZONEMD records are allowed. The
> document recommends that multiple digests be present only when transitioning
> to a new digest type algorithm and has this to say about verification given
> multiple digests:
>
> 4.1. Verifying Multiple Digests
>
>    If multiple digests are present in the zone, e.g., during an
>    algorithm rollover, at least one of the recipient's supported Digest
>    Type algorithms MUST verify the zone.
>
>    It is RECOMMENDED that implementations maintain a (possibly
>    configurable) list of supported Digest Type algorithms ranked from
>    most to least preferred. It is further RECOMMENDED that recipients
>    use only their most preferred algorithm that is present in the zone
>    for digest verification.
>
>    As a matter of local policy, the recipient MAY require that all
>    supported and present Digest Type algorithms verify the zone.

We would like to have feedback on this change before progressing to working group last call.

DW
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
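
The three verification behaviours in the quoted section 4.1, sketched as an added Python example that is not part of the original message or of the draft. The Digest Type numbers, the preference list, the `verify_zone` name and the sample zone bytes are assumptions, and canonicalizing the zone before hashing is not shown.

```python
import hashlib
import hmac

# Assumed Digest Type numbers for illustration: 1 = SHA-384, 2 = hypothetical SHA-512.
HASHES = {1: hashlib.sha384, 2: hashlib.sha512}
PREFERENCE = [2, 1]  # recipient's ranked list, most preferred first


def verify_zone(zone_bytes, zonemd, policy="preferred"):
    """Apply a local policy to the ZONEMD digests found in a zone.

    zone_bytes: the zone data the digest covers (canonicalization not shown).
    zonemd:     {digest_type: digest_bytes} taken from the zone.
    policy:     "preferred" - check only the most preferred type present
                "any"       - pass if at least one supported type verifies
                "all"       - every supported and present type must verify
    Returns (ok, {digest_type: matched}) for the types actually checked.
    """
    if policy not in ("preferred", "any", "all"):
        raise ValueError(policy)
    # Unsupported digest types in the zone are ignored, not treated as failures.
    candidates = [t for t in PREFERENCE if t in zonemd]
    if policy == "preferred":
        candidates = candidates[:1]
    checked = {
        t: hmac.compare_digest(HASHES[t](zone_bytes).digest(), zonemd[t])
        for t in candidates
    }
    if not checked:
        return False, checked  # no supported digest type present
    ok = any(checked.values()) if policy == "any" else all(checked.values())
    return ok, checked


# Constructed sample: a zone mid-rollover carrying both digest types,
# plus type 99, which this recipient does not support.
ZONE = b"example. 3600 IN SOA ns.example. admin.example. 1 2 3 4 5\n"
GOOD = {1: hashlib.sha384(ZONE).digest(), 2: hashlib.sha512(ZONE).digest(), 99: b"\x00"}
# Same zone, but the newer digest was published incorrectly.
BAD_NEW = {**GOOD, 2: b"\x00" * 64}
```

With `BAD_NEW`, the "preferred" and "all" policies reject the zone while "any" accepts it on the older digest, which is the practical difference between the MUST, RECOMMENDED and MAY clauses.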