I would propose not removing support for SHA1 based signatures. But
maybe renaming the algorithm name to DEPRECATED-RSASHA1. It would
require some change from the user and he or she could not ignore there
is some change. But for some intentional usage, such as signing
rootcanary.org test subdom
Hello Paul,
I am aware Red Hat is not loved for the way, how the disabling of
RSASHA1 algorithm were handled in our products, especially Red Hat
Enterprise Linux 9.
While primary target of our crypto people were disallowing SHA-1 usage
in TLS channels and signatures of documents, I think the
Moin!
On 12 Nov 2024, at 22:41, Warren Kumari wrote:
> On Tue, Nov 05, 2024 at 1:26 PM, Mark Nottingham <
> mnot=40mnot@dmarc.ietf.org> wrote:
>
>> Hi DNSOP,
>>
>> Public DNS resolvers (such as 1.1.1.1, 8.8.8.8, and others) are
>> increasingly subject to requirements to censor responses flowi
I believe the document is ready, please find some comments.
3. DNS Filtering Techniques and Their Limitations
1 and 2 do not work with DNSSEC is my primary concern and probably
this needs to be mentioned.
3 and 4. in my opinion could be merged.
section 4.
I am wondering if there is a recommen
On Tue, Nov 05, 2024 at 1:26 PM, Mark Nottingham <
mnot=40mnot@dmarc.ietf.org> wrote:
> Hi DNSOP,
>
> Public DNS resolvers (such as 1.1.1.1, 8.8.8.8, and others) are
> increasingly subject to requirements to censor responses flowing through
> them. When this happens, it's important to be trans
