Enough time has passed since the need to abandon SHA-1 has become more pressing to discern at least a couple short-term trend-lines.
alg7.pdf
Description: Adobe PDF document
alg5.pdf
Description: Adobe PDF document
It seems that algorithm 7 is indeed slowly trending down (it would be
good to see a larger downward slope), but unfortunately, the number of
algorithm 5 domains is actually growing.
* If you're continuing to sign new domains with algorithm 5, please
reconsider.
* If you have existing domains signed with algorithms 5 or 7, please
migrate to 8 or 13.
Separately:
* If you're managing one of the ~8k domains with 512-bit RSA keys,
please migrate to a more reasonable RSA key size or P256.
--
Viktor.
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
