On Mar 23, 2022, at 7:30 AM, Petr Menšík <pemen...@redhat.com> wrote:
>
> Is this workgroup more appropriate to drive possible change? Has it any means
> to modify ietf.org infrastructure?

No and no. Having said that, please see below for commentary on your reasoning.

> -------- Forwarded Message --------
> Subject: DNSSEC algorithm used on ietf.org
> Date: Wed, 23 Mar 2022 12:28:39 +0100
> From: Petr Menšík <pemen...@redhat.com>
> Organization: Red Hat
> To: tools-disc...@ietf.org
>
>
> Hello,
>
> I work in Red Hat on DNS related products. We were analysing impact on
> disabling algorithm RSASHA1.

The impact is clear: you will cause many validly-signed zones to be considered unsigned.

> It is in a strange situation, because IETF
> itself deprecated this algorithm [1],

Where in RFC 8624 do you believe it says that RSASHA1 is deprecated? Searching for "depreca" in the document finds it used for other algorithms, but not RSASHA1. Further, the chart clearly shows it is not deprecated:

+--------+--------------------+-----------------+-------------------+
| Number | Mnemonics          | DNSSEC Signing  | DNSSEC Validation |
+--------+--------------------+-----------------+-------------------+
.
.
.
| 5      | RSASHA1            | NOT RECOMMENDED | MUST              |

That is, "MUST" validate is clearly not deprecated.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
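
The effect described in the reply above ("considered unsigned"), as an added example that is not part of the original thread: a validator that drops algorithm 5 handles a delegation whose DS RRset lists only that algorithm as insecure, per RFC 4035 section 5.2. The zone names, key tags and digests are constructed placeholders, and the set of otherwise supported algorithms is an assumption.

```python
# Added example (not from the thread). DS records below are constructed;
# the digests are placeholders, not real key digests.
RSASHA1, RSASHA256, ECDSAP256SHA256 = 5, 8, 13
ALL_SUPPORTED = {RSASHA1, RSASHA256, ECDSAP256SHA256}  # assumed validator build

ZONES = {
    "legacy.example.": ["legacy.example. 3600 IN DS 11111 5 2 AA11"],
    "modern.example.": ["modern.example. 3600 IN DS 22222 13 2 BB22"],
    # mid-rollover: old and new algorithm both published at the parent
    "rolling.example.": ["rolling.example. 3600 IN DS 33333 5 2 CC33",
                         "rolling.example. 3600 IN DS 44444 13 2 DD44"],
    "plain.example.": [],  # no DS at the parent: never was signed
}

def ds_algorithms(ds_lines):
    """Algorithm numbers from DS records in presentation format
    (owner TTL class DS key-tag algorithm digest-type digest)."""
    algs = set()
    for line in ds_lines:
        fields = line.split()
        if "DS" in fields:
            algs.add(int(fields[fields.index("DS") + 2]))
    return algs

def delegation_status(ds_lines, supported):
    """RFC 4035 section 5.2: a DS RRset with no supported algorithm is
    handled like a proof that no DS exists, i.e. the zone is insecure."""
    algs = ds_algorithms(ds_lines)
    if not algs:
        return "unsigned"
    return "validate" if algs & supported else "treated-as-unsigned"

def downgraded(zones, disabled):
    """Zones that lose validation when `disabled` algorithms are removed."""
    remaining = ALL_SUPPORTED - set(disabled)
    return sorted(
        name for name, ds in zones.items()
        if delegation_status(ds, ALL_SUPPORTED) == "validate"
        and delegation_status(ds, remaining) == "treated-as-unsigned"
    )

if __name__ == "__main__":
    for name in downgraded(ZONES, {RSASHA1}):
        print(name, "-> answers accepted without DNSSEC checks")
```

The zone that publishes both algorithm 5 and algorithm 13 keeps validating, so only zones signed solely with RSASHA1 show up in the downgrade list.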