also +1. if we define them beyond deprecated to REMOVED then we get some confidence it's the pool of dead code who remain at risk, should threats emerge.
if we leave them in validation, we can't tell if 'modern' technology is exposed to risk we didn't understand as attacks get better. RC4 got removed from browsers. RC4 got removed from OpenSSH. I know we're a different crypto use-case, but I think we should reflect on this.

-G

On Mon, Mar 27, 2017 at 4:10 PM, Jim Reid <j...@rfc1035.com> wrote:
>
>> On 27 Mar 2017, at 20:45, Paul Vixie <p...@redbarn.org> wrote:
>>
>> all code has bugs, eventually. or at least, there is no
>> existence proof to the contrary, and also, no reason to suspect
>> otherwise. so, code that is not used will not be reviewed or maintained.
>> it's a risk, just by existing.
>
> +1. The most reliable and safest code is the code that isn't there.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop