https://tools.ietf.org/html/draft-wouters-sury-dnsop-algorithm-update-02
Paul Sent from my iPhone > On Nov 15, 2016, at 16:53, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > >> On Tue, Nov 15, 2016 at 12:22:18AM +0100, Ondřej Surý wrote: >> >> a new version of EDDSA for DNSSEC has been posted >> that resolves most if not all comments received >> during WGLC in curdle. This is one last chance >> to review the document, so don't miss it! :) > > My only comment is that I very much hope that the code-point > assignments for the new curves are accompanied by a deprecation of > at least as many obsolete algorithms that should no longer be used. > > Specifically, I'd like to see deprecation of algorithms: > > * 3 (DSA/SHA1) > * 5, (RSA/SHA-1, same as 7 but without possibility of NSEC3) > * 6 (DSA-NSEC3-SHA1, same as 3 with perhaps NSEC3, but both need to go) > * 12 (GOST R 34.10-2001) > except as required to meet any local regulations). > > If, while adding two new algorithms, we in parallel deprecate four > old ones, then we're making progress. > > -- > Viktor. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
