> On 13 Aug 2022, at 13:48, Mark Andrews <ma...@isc.org> wrote:
>
> So you are ready to replace SHA1 in NSEC3 and do a second algorithm renumber
> which is what is required to actually get rid of SHA1 or do you mean retire
> RSA-SHA1?
Neither. I said the I-D needs to say something about not using crypto reliant
on SHA1 for either signing or validation. That doesn't have to mean the code
points for RSA-SHA1 (or whatever) have to go away. They could/should remain in
the IANA register alongside a note saying "don't use these", like we eventually
did with RSA-MD5. If "don't use SHA1 ever" means changes for NSEC3 are needed,
so be it. If we agree on "don't use SHA1, except for *NSEC3-SHA1" that might be
OK. Though that may need further thought and analysis if SHA1 hash collisions
pose a real threat to the integrity of NSEC3.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop