On Mar 9, 2020, at 7:40 PM, Tony Finch <d...@dotat.at> wrote:
>
> Paul Hoffman <paul.hoff...@icann.org> wrote:
>
>> This confuses a harm purposely caused by authorities (in this case, the
>> IETF), with self-harm (in this case, a zone owner who didn't hear about
>> the importance of doing an algorithm rollover, or did hear but didn't
>> care). They are quite different.
>
> Also I think you have misunderstood an important point: the aim of my
> draft is to disable validation for SHA-1 after it is no longer used for
> signing.

Ah! I certainly missed that. If we can determine when something in the realm of "almost all" DNSSEC signing with algorithms that use SHA-1 is done, then it is reasonable for the WG to propose that software that validates DNSSEC can stop doing so.

> The first guess at a strategy might be a mess, but that's OK
> because this is just a draft. So please stop accusing me of trying to hurt
> people. It's extremely rude, especially when you repeat the accusation
> after I told you I am trying to avoid it.

Our messages crossed in the mailing list processing, so I apologize for the repetition.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop