On Thu, 9 Sep 2021, Paul Hoffman wrote:

> On Sep 9, 2021, at 8:28 AM, Paul Wouters <p...@nohats.ca> wrote:
>> This is hinted at strongly in 2006:
>>
>>         https://datatracker.ietf.org/doc/html/rfc4509#section-6.2
>>
>> and even more strongly via a MUST NOT in 2019's RFC 8624:
>>
>>         https://datatracker.ietf.org/doc/html/rfc8624#section-3.3
>
> RFC 8624 is implementation guidance, not deployment guidance. This WG discussed
> at length whether to include deployment guidance (particularly for weaker
> algorithms like SHA1) and concluded that we didn't want to do that. You should
> know this, given that you are co-editor of RFC 8624.

It seems that if we tell implementors to MUST NOT implement, it
would be very unwise to still create new records of this type? Unless
we specifically want to test being part of the long tail of obsolete
deployments as a standards body.

>> What's the process for requesting the SHA-1 based DS record deletion for
>> .arpa?
>
> Did you first ask the administrators of the zone in question before sending
> this message to a group that has no administrative power over the zone?

No, I used this group as the umbrella contact, as I assumed the
knowledgeable people are here. But it seems instead I found a grumpy
person who seems to know the process better than me but prefers
yelling into the cloud more than educating me.

Paul
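A zone-operator check for the kind of DS record the thread is about, added here as an example and not part of the thread: it parses DS RRs in presentation format and flags digest types that RFC 8624 section 3.3 lists as MUST NOT for delegation (NULL, SHA-1, GOST), plus digests whose length does not match the declared type. The sample records are constructed, not the real .arpa DS set.

```python
"""Audit DS records against the RFC 8624 section 3.3 digest-type table."""
import re

# RFC 8624 section 3.3: digest type -> (name, delegation status, validation status)
DS_DIGEST_GUIDANCE = {
    0: ("NULL", "MUST NOT", "MUST NOT"),
    1: ("SHA-1", "MUST NOT", "MUST"),
    2: ("SHA-256", "MUST", "MUST"),
    3: ("GOST R 34.11-94", "MUST NOT", "MAY"),
    4: ("SHA-384", "MAY", "RECOMMENDED"),
}
# Expected digest length in bytes per digest type (RFC 4034, RFC 4509, RFC 6605).
DS_DIGEST_LEN = {1: 20, 2: 32, 4: 48}

def parse_ds(rr):
    """Parse 'owner [ttl] [class] DS keytag alg digesttype hexdigest...'."""
    fields = rr.split()
    if "DS" not in fields:
        raise ValueError(f"not a DS record: {rr!r}")
    i = fields.index("DS")
    key_tag, alg, digest_type = (int(x) for x in fields[i + 1:i + 4])
    digest = "".join(fields[i + 4:]).lower()  # presentation format may split the hex
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError(f"non-hex digest in {rr!r}")
    return {"owner": fields[0], "key_tag": key_tag, "algorithm": alg,
            "digest_type": digest_type, "digest": digest}

def audit_ds(rr):
    """Return a list of findings for one DS record; an empty list means clean."""
    ds = parse_ds(rr)
    dt = ds["digest_type"]
    where = f"{ds['owner']} DS key tag {ds['key_tag']}"
    name, delegation, _ = DS_DIGEST_GUIDANCE.get(dt, ("unassigned", "unknown", "unknown"))
    findings = []
    if delegation == "MUST NOT":
        findings.append(f"{where}: digest type {dt} ({name}) is MUST NOT for "
                        "delegation per RFC 8624 section 3.3")
    elif delegation == "unknown":
        findings.append(f"{where}: digest type {dt} is not listed in RFC 8624")
    expected = DS_DIGEST_LEN.get(dt)
    if expected is not None and len(ds["digest"]) != 2 * expected:
        findings.append(f"{where}: digest is {len(ds['digest']) // 2} bytes, "
                        f"expected {expected} for {name}")
    return findings

# Constructed sample records (key tag, digests and owner are made up).
SAMPLE_DS = [
    "example. 3600 IN DS 12345 8 1 " + "a" * 40,   # SHA-1 digest, flagged
    "example. 3600 IN DS 12345 8 2 " + "b" * 64,   # SHA-256 digest, clean
]

if __name__ == "__main__":
    for rr in SAMPLE_DS:
        print(rr.split()[0], audit_ds(rr) or ["ok"])
```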

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
