Reviewer: Barry Leiba
Review result: Ready with Nits

By themselves (without “RSA”), SHA-1, SHA-256 and other “SHA-nnn” designations
are hash (or digest) algorithms, not encryption algorithms, and we should
probably be more careful about what we call them. In this document it doesn’t
matter much, because this is just about deprecation and not documentation of
their use, but still, we have the opportunity to get it right.

So:
- “DNSSEC [RFC9364] originally made extensive use of SHA-1 as a cryptographic
  verification algorithm” should say “cryptographic hash algorithm”
- “Since then, multiple other signing algorithms with stronger cryptographic
  strength” can just say “other algorithms”
- For “by guiding signers to choose a more interoperable signing algorithm.”
  maybe just drop the word “signing” (and I might say “secure and
  interoperable”)

Also, “algorithms with stronger cryptographic strengths” sounds odd.  Maybe
“algorithms with more cryptographic strength”?  Or maybe “stronger
cryptographic algorithms”?


_______________________________________________
DNSOP mailing list -- dnsop@ietf.org