Ondřej Surý <ond...@isc.org> wrote:
> I am quite confused as SHA-512 is not standardized for use in DS records:
> https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml
> I believe this change should be rejected until (and if) SHA-512 is standardized
> to use in DS records.
Indeed it should be rejected, but also when/if SHA512 were added.
The proper process would be to write a new draft to add it, if there
is a clear need for it. Currently, I don't see a need for adding
SHA-512, and the Reporter is wrong about their use case for CNSA:
https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF
CNSA 1.0 specifies SHA384 (not SHA256, or SHA 512)
CNSA 2.0 did not remove any hashes, and added SHA512
Paul
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org