On Mon, Jan 13, 2025 at 5:11 PM Paul Wouters <p...@nohats.ca> wrote:
> On Jan 13, 2025, at 16:38, Warren Kumari <war...@kumari.net> wrote:
>
> > On Tue, Jan 07, 2025 at 1:44 PM, Paul Wouters <p...@nohats.ca> wrote:
> >
> >> On Tue, 7 Jan 2025, Paul Hoffman wrote:
> >>
> >> draft-ietf-dnsop-must-not-sha1
> >>
> >> This document is fine as-is, with one minor nit: Appendix C should be
> >> marked for removal by the RFC Editor, similar to Appendix B.
> >>
> >> I think the Title and Abstract are broken. It currently states:
> >>
> >> Remove SHA-1 from active use within DNSSEC
> >>
> >> Abstract
> >>
> >> This document retires the use of SHA-1 within DNSSEC.
> >>
> >> As we are not removing SHA-1 from NSEC3,
> >>
> >
> > Oh, yeah, good point! Thank you.
> >
> >>
> >> I believe the title and abstract
> >> (and perhaps more content) should clarify that this is about removing
> >> SHA-1 as hashing and signature algorithm.
> >>
> >
> > Shumon noted that it is used as a hashing algorithm in NSEC3, so we are
> > proposing:
> > Title: "Deprecating the use of SHA-1 in DNSSEC signature algorithms"
> > and
> > Abstract:
> > "This document deprecates the use of the RSASHA1 and RSASHA1-NSEC3-SHA1
> > algorithms for the creation of DNSKEY and RRSIG records."
> >
> > Does that work for you / Shumon?
> >
>
> Works for me.
>
> Paul

Yup, looks good to me too.

Shumon.
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org