Is this workgroup more appropriate to drive possible change? Has it any means to modify ietf.org infrastructure?
-------- Forwarded Message -------- Subject: DNSSEC algorithm used on ietf.org Date: Wed, 23 Mar 2022 12:28:39 +0100 From: Petr Menšík <pemen...@redhat.com> Organization: Red Hat To: tools-disc...@ietf.org Hello, I work in Red Hat on DNS related products. We were analysing impact on disabling algorithm RSASHA1. It is in a strange sitation, because IETF itself deprecated this algorithm [1], but is using it for all documents it publishes. For some reason site stats.dnssec-tools.org gives it as an example [2]. It seems update of Key signing key (ksk) and algorithm should be upgraded to more recent algorithm. There is also informational RFC 7583 [3], which should help with it. Is there already plan to upgrade DNSSEC algorithm? Is there any specific reason why it stayed unchanged? I were directed here by the support of ietf. Might be also interesting topic for dnsop WG. Were upgrade already considered? Best Regards, Petr Menšík 1. https://datatracker.ietf.org/doc/html/rfc8624#section-3 2. https://stats.dnssec-tools.org/explore/ 3. https://datatracker.ietf.org/doc/html/rfc7583 -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
