FWIW, This has been addressed in draft-03 although I just noticed that the last paragraph of 3.1.4.1. still needs a minor rewrite to reflect availability of SHA 256. (Now there is an inconstancy between giving references to the specs and saying one has to wait for availability).
On Mar 20, 2010, at 8:34 PM, Paul Wouters wrote: > On Sat, 20 Mar 2010, Olaf Kolkman wrote: > >> - http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/NSEC-NSEC3 > > That still states: > > "as well as no algorithm choice for SHA-256" > > That's been resolved now, see http://www.bind9.net/dns-sec-algorithm-numbers > RSASHA256 has DNSKEY algorihtm 8 and RSASHA-512 has alg 10. As far as I > know, these include NSEC3, though the registry contains no pointers for that. > > Is it noted anywhere that algorithms > 5 imply NSEC3 support? If not, should > we? > > Paul ________________________________________________________ Olaf M. Kolkman NLnet Labs Science Park 140, http://www.nlnetlabs.nl/ 1098 XG Amsterdam _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop