[DNSOP] SHA-1 DS algo in arpa. :)

Paul Wouters Thu, 09 Sep 2021 08:28:31 -0700


Looks like for arpa., the DS records are:

arpa.                   27247   IN      DS      42581 8 1 
778606D9623F843F156E7D11ACBF815EB67AB516
arpa.                   27247   IN      DS      42581 8 2 
F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D7 1F3C40F9


Per our own recommendations, we should probanly ask for the SHA-1 record to be 
removed :)

This is hinted strongly at in 2006:

        https://datatracker.ietf.org/doc/html/rfc4509#section-6.2

and even stronger via a MUST NOT in 2019's RFC 8624:

        https://datatracker.ietf.org/doc/html/rfc8624#section-3.3

What's the process for requesting the SHA-1 based DS record deletation for 
.arpa?

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] SHA-1 DS algo in arpa. :)

Reply via email to