https://bugzilla.mindrot.org/show_bug.cgi?id=3753
--- Comment #6 from Petr Menšík <[email protected]> ---
Related:
- https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-sha1/
- https://www.sidn.nl/en/news-and-blogs/algorithms-based-on-outdated-sha-1-cryptography-to-be-removed-from-dnssec-protocol

Because DS records should not be used, I think SSHFP records should likewise avoid generating SHA1 digests of any key algorithms.

For a good reason, ssh-keygen -l does not print a SHA1 digest. But it can be enabled with ssh-keygen -l -E SHA1. I propose to do the same thing with SSHFP generators. Ideally it should also ignore the SHA1 digest when a SHA256 digest was fetched too.
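
The selection rule proposed in the comment above, as an added example (not OpenSSH code and not part of the original comment): SHA-1 SSHFP records are opt-in, and are ignored whenever a SHA-256 record exists for the same host and key algorithm. The function names, the allow_sha1 parameter and the sample records are assumptions constructed for illustration.

```python
import hashlib

FP_SHA1, FP_SHA256 = 1, 2                  # SSHFP fingerprint types (RFC 4255, RFC 6594)
DIGEST_LEN = {FP_SHA1: 20, FP_SHA256: 32}  # expected digest sizes in bytes

def parse_sshfp(line):
    """Parse 'owner [ttl] [IN] SSHFP alg fptype hex' into (owner, alg, fptype, hex), else None."""
    fields = line.split(";", 1)[0].split()  # drop zone-file comments
    upper = [f.upper() for f in fields]
    if "SSHFP" not in upper[1:]:
        return None
    i = upper.index("SSHFP", 1)
    try:
        alg, fptype = int(fields[i + 1]), int(fields[i + 2])
        digest = bytes.fromhex("".join(fields[i + 3:]))
    except (IndexError, ValueError):
        return None
    if DIGEST_LEN.get(fptype) != len(digest):  # unknown type or truncated digest
        return None
    return fields[0].lower().rstrip("."), alg, fptype, digest.hex()

def usable_fingerprints(lines, allow_sha1=False):
    """Return the records a verifier should match against.

    SHA-1 is skipped unless allow_sha1 is set (hypothetical switch, analogous to
    'ssh-keygen -l -E SHA1'), and is always skipped when a SHA-256 record exists
    for the same owner and key algorithm.
    """
    records = [r for r in map(parse_sshfp, lines) if r]
    has_sha256 = {(o, a) for o, a, t, _ in records if t == FP_SHA256}
    return [r for r in records
            if r[2] != FP_SHA1 or (allow_sha1 and (r[0], r[1]) not in has_sha256)]

def sample_record(owner, alg, fptype, blob):
    """Build a constructed SSHFP line; blob stands in for a real public key."""
    h = hashlib.sha1 if fptype == FP_SHA1 else hashlib.sha256
    return f"{owner} IN SSHFP {alg} {fptype} {h(blob).hexdigest()}"

# Constructed sample zone data: Ed25519 (4) has both digests, RSA (1) only SHA-1.
SAMPLE = [
    sample_record("host.example.", 4, FP_SHA1, b"constructed ed25519 key"),
    sample_record("host.example.", 4, FP_SHA256, b"constructed ed25519 key"),
    sample_record("host.example.", 1, FP_SHA1, b"constructed rsa key"),
]

if __name__ == "__main__":
    for rec in usable_fingerprints(SAMPLE):
        print(rec)
```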
