> On Oct 9, 2020, at 12:08 PM, Ben Schwartz <bem...@google.com> wrote:
> 
> 
> 6.2.  Use of Multiple ZONEMD Hash Algorithms
> 
>    When a zone publishes multiple ZONEMD RRs, the overall security is
>    only as good as the weakest hash algorithm in use.
> 
> Why not require recipients to verify all digests with recognized algorithms?
> 

That text stating that one is sufficient was based on a conversation in the 
working group that started here:

https://mailarchive.ietf.org/arch/msg/dnsop/RFCklH7Lx00bL-tOVRCAc0j5ftw/


DW
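
An added example, not part of the original message or of the draft: it contrasts the "one matching digest is sufficient" rule with the "verify all recognized digests" rule raised in the question, using a zone that carries two digests, one of them weak. Assumptions: the zone is treated as opaque bytes with no canonicalization, the pairs returned by make_zonemd stand in for ZONEMD RRs, and hash algorithm 240 (a private-use number) is a hypothetical weak algorithm invented for this sketch.

```python
import hashlib
from itertools import count

# Hash algorithm numbers 1 (SHA-384) and 2 (SHA-512) are the ZONEMD values.
# 240 is a private-use number used here for a hypothetical weak algorithm
# (SHA-256 truncated to 16 bits) so that a second preimage is cheap to find.
HASHES = {
    1: lambda d: hashlib.sha384(d).digest(),
    2: lambda d: hashlib.sha512(d).digest(),
    240: lambda d: hashlib.sha256(d).digest()[:2],
}

# Constructed sample zone, treated as opaque bytes (no canonicalization).
ZONE = b"example. 300 IN A 192.0.2.1\n"

def make_zonemd(zone, algs):
    """Return (hash_alg, digest) pairs standing in for the zone's ZONEMD RRs."""
    return [(alg, HASHES[alg](zone)) for alg in algs]

def verify(zone, zonemd_rrs, policy):
    """'any': one matching digest suffices. 'all': every recognized one must match."""
    checks = [HASHES[alg](zone) == digest
              for alg, digest in zonemd_rrs if alg in HASHES]
    if not checks:          # nothing recognized: this example treats it as unverified
        return False
    return any(checks) if policy == "any" else all(checks)

def altered_zone_matching(zone, weak_alg):
    """Model a broken algorithm: find different content with the same weak digest."""
    target = HASHES[weak_alg](zone)
    for i in count():
        candidate = b"example. 300 IN A 192.0.2.66 ; pad %d\n" % i
        if HASHES[weak_alg](candidate) == target:
            return candidate

if __name__ == "__main__":
    rrs = make_zonemd(ZONE, [1, 240])
    altered = altered_zone_matching(ZONE, 240)
    for policy in ("any", "all"):
        print(policy, verify(ZONE, rrs, policy), verify(altered, rrs, policy))
```

Under the "any" policy the altered content is accepted on the strength of the weak digest alone, while the "all" policy rejects it because the SHA-384 digest no longer matches.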


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop