In article <2914db1a-f7a3-4f1b-a2f0-da054b447...@icann.org> you write:
>If we can determine when something in the realm of "almost all" DNSSEC signing
>with algorithms that use SHA-1 is done, then it is reasonable for the WG to
>propose that software that validates DNSSEC can stop doing so.

FWIW, the 2007 DKIM spec said that RSA keys SHOULD be at least 1024 bits but allowed 512 bits as what we intended as a short transition. In fact, vast amounts of mail continued to have 512 bit signatures and ignored all the pleas and warnings until 2012, when Google told the world that they'd stop validating 512 bit signatures. At that point, in about a week, everyone fixed their signers to use 1024.

The people who run DNS servers and the ones who run mail servers are often not the same, but I don't see any reason to think DNS operators are any less lazy.

What this tells me is that the IETF cannot make credible threats of this kind, so don't try. People will stop signing with SHA-1 when large DNSSEC consumers stop accepting it. Comcast, perhaps.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
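An added example, not part of the post above: a small audit of a zone's DNSKEY records that flags the IANA algorithm numbers whose signatures use SHA-1 and RSA moduli shorter than the 1024-bit floor the DKIM episode settled on, the two policy checks a validating consumer would apply when it stops accepting such keys. It assumes presentation-format DNSKEY records; the zone and the key bytes are constructed for the example and the moduli are not real keys.

```python
import base64

# DNSSEC algorithm numbers (IANA registry) whose signatures use SHA-1.
SHA1_ALGORITHMS = {3: "DSA", 5: "RSASHA1", 6: "DSA-NSEC3-SHA1", 7: "RSASHA1-NSEC3-SHA1"}
# Algorithms whose public key is an RFC 3110 RSA key (exponent length, exponent, modulus).
RSA_ALGORITHMS = {5, 7, 8, 10}
MIN_RSA_BITS = 1024  # the floor the DKIM story settled on; a local policy may set it higher


def rsa_modulus_bits(rdata: bytes) -> int:
    """Return the modulus size of an RFC 3110 RSA public key."""
    exp_len, offset = rdata[0], 1
    if exp_len == 0:  # long form: a two-byte exponent length follows the zero byte
        exp_len, offset = int.from_bytes(rdata[1:3], "big"), 3
    modulus = rdata[offset + exp_len:]
    return int.from_bytes(modulus, "big").bit_length()


def audit_dnskey(record: str) -> list[str]:
    """Return policy findings for one presentation-format DNSKEY record."""
    owner, _ttl, _cls, _type, _flags, _proto, alg, *key = record.split()
    alg = int(alg)
    findings = []
    if alg in SHA1_ALGORITHMS:
        findings.append(f"{owner}: algorithm {alg} ({SHA1_ALGORITHMS[alg]}) uses SHA-1")
    if alg in RSA_ALGORITHMS:
        bits = rsa_modulus_bits(base64.b64decode("".join(key)))
        if bits < MIN_RSA_BITS:
            findings.append(f"{owner}: {bits}-bit RSA modulus is below {MIN_RSA_BITS} bits")
    return findings


def audit_zone(records: list[str]) -> list[str]:
    """Audit every DNSKEY record in a list of presentation-format records."""
    return [f for r in records if " DNSKEY " in r for f in audit_dnskey(r)]


def constructed_rsa_key(modulus: bytes) -> str:
    """Base64 RFC 3110 key with exponent 65537; the modulus bytes are made up, not a real key."""
    return base64.b64encode(b"\x03\x01\x00\x01" + modulus).decode()


# Constructed sample zone: a 512-bit RSASHA1-NSEC3-SHA1 KSK, a 2048-bit RSASHA256 ZSK, an ECDSA KSK.
MOD_512 = b"\xc3" + b"\x5a" * 63
MOD_2048 = b"\xd9" + b"\x3a" * 255
CONSTRUCTED_ZONE = [
    "example.test. 3600 IN DNSKEY 257 3 7 " + constructed_rsa_key(MOD_512),
    "example.test. 3600 IN DNSKEY 256 3 8 " + constructed_rsa_key(MOD_2048),
    "example.test. 3600 IN DNSKEY 257 3 13 " + base64.b64encode(b"\x11" * 64).decode(),
]
```

Running `audit_zone(CONSTRUCTED_ZONE)` reports only the first key, once for SHA-1 and once for the 512-bit modulus; the RSASHA256 and ECDSA keys pass.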