The aim of this is to deprecate SHA-1 algorithms 5 and 7 more vigorously. I've put in a fairly specific timetable for the sake of argument, basically to set up the death of SHA-1 as next year's DNS "flag day", unless some clever cryptanalysis forces it to happen sooner.
I'm afraid it's a rough first pass: I haven't given it a read-through and cleanup, because watching Flash Gordon was more fun.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
ALL CREATURES WILL MAKE MERRY UNDER PAIN OF DEATH

---------- Forwarded message ----------
Date: Mon, 09 Mar 2020 15:55:05 -0700
From: internet-dra...@ietf.org
To: Tony Finch <d...@dotat.at>
Subject: New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt

A new version of I-D, draft-fanf-dnsop-sha-ll-not-00.txt has been successfully submitted by Tony Finch and posted to the IETF repository.

Name: draft-fanf-dnsop-sha-ll-not
Revision: 00
Title: Hardening DNSSEC against collision weaknesses in SHA-1 and other cryptographic hash algorithms
Document date: 2020-03-09
Group: Individual Submission
Pages: 18
URL: https://www.ietf.org/internet-drafts/draft-fanf-dnsop-sha-ll-not-00.txt
Status: https://datatracker.ietf.org/doc/draft-fanf-dnsop-sha-ll-not/
Htmlized: https://tools.ietf.org/html/draft-fanf-dnsop-sha-ll-not-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-fanf-dnsop-sha-ll-not

Abstract:
DNSSEC deployments have often used the SHA-1 cryptographic hash algorithm to provide authentication of DNS data. This document explains why SHA-1 is no longer secure for this purpose, and deprecates its use in DNSSEC signatures. This document updates RFC 8624.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat