Another thought on the below ...

On 5/2/24 09:42, Philip Homburg wrote:
The IETF is not the protocol police so it seems unlikely that signers are
going to suddenly remove all traces of SHA1 signing and leave their users
in the dark.

Independently of SHA-1, it's a reasonable use case to be able to perform an 
algorithm rollover away from a deprecated algorithm, without going insecure.

So, as long as the standards do not prohibit validation with a certain 
algorithm, it seems like signing with it for transition purposes should be 
admissible.

How about we add a sentence to rfc8624-bis saying that

        "MUST NOT" in the context of the "Recommended for DNSSEC signing" column
        does not apply while actively preparing or performing an algorithm
        rollover away from that algorithm.

This would

  (1) enable this use case;
  (2) give implementers a good reason to not kill the actual implementation,
      but rather turn it off / put warnings there / require an extra setting / ...

Best,
Peter

--
https://desec.io/
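What the "turn it off / put warnings there / require an extra setting" option could look like on the signer side, as an added example that is not part of the message above and not code from deSEC or any DNSSEC implementation. It models the proposed rfc8624-bis exception as a policy check: a "MUST NOT" signing algorithm is admitted only when the zone's DNSKEY RRset already publishes a key of a non-prohibited successor algorithm (the rollover target) and the operator has opted in explicitly. The algorithm table is a constructed subset; the "MUST NOT" entries for the SHA-1 algorithms 5 and 7 are an assumption made to model the situation the thread discusses, not a quotation of the draft.

```python
"""Signer-side policy check for the proposed rfc8624-bis rollover exception.

Added example, not code from the list message or any DNSSEC signer.  The
recommendation table is a constructed subset with assumed values; consult the
current RFC 8624 / rfc8624-bis text for the authoritative entries.
"""
from dataclasses import dataclass
from typing import Iterable

# Constructed table: DNSSEC algorithm number -> (mnemonic, signing recommendation).
# Algorithms 5 and 7 (RSA/SHA-1) are marked "MUST NOT" here as an assumption
# modelling the rfc8624-bis discussion; the other entries follow RFC 8624.
SIGNING_RECOMMENDATION = {
    1: ("RSAMD5", "MUST NOT"),
    5: ("RSASHA1", "MUST NOT"),
    7: ("RSASHA1-NSEC3-SHA1", "MUST NOT"),
    8: ("RSASHA256", "MUST"),
    13: ("ECDSAP256SHA256", "MUST"),
    15: ("ED25519", "RECOMMENDED"),
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check_signing(alg: int, dnskey_algorithms: Iterable[int],
                  allow_rollover: bool = False) -> Decision:
    """Decide whether the signer may produce RRSIGs with algorithm `alg`.

    dnskey_algorithms: algorithm numbers of every key currently published in
    the zone's DNSKEY RRset.  allow_rollover is the "extra setting": without
    it, a MUST NOT algorithm is refused even when a rollover is under way.
    """
    if alg not in SIGNING_RECOMMENDATION:
        return Decision(False, f"algorithm {alg} is not supported by this signer")
    name, rec = SIGNING_RECOMMENDATION[alg]
    if rec != "MUST NOT":
        return Decision(True, f"{name}: signing recommendation is {rec}")

    # A rollover is only credible if a key of a non-prohibited algorithm is
    # already published alongside the deprecated one.
    successors = sorted(
        a for a in set(dnskey_algorithms)
        if a != alg and SIGNING_RECOMMENDATION.get(a, ("", "MUST NOT"))[1] != "MUST NOT"
    )
    if not successors:
        return Decision(False, f"{name} is MUST NOT for signing and no successor "
                               "algorithm is published in the DNSKEY RRset; refusing")
    if not allow_rollover:
        return Decision(False, f"{name} is MUST NOT for signing; set allow_rollover "
                               "to permit it while rolling to a successor algorithm")
    return Decision(True, f"WARNING: {name} is MUST NOT for signing; permitted only "
                          f"while rolling to algorithm(s) {successors}")


if __name__ == "__main__":
    # Constructed DNSKEY RRset contents for three zones.
    scenarios = [
        ("legacy zone, no rollover started", 5, [5], False),
        ("rollover to ECDSA started, no opt-in", 5, [5, 13], False),
        ("rollover to ECDSA started, opt-in", 5, [5, 13], True),
        ("already on ECDSA", 13, [13], False),
    ]
    for label, alg, keys, opt_in in scenarios:
        d = check_signing(alg, keys, allow_rollover=opt_in)
        print(f"{label}: {'allow' if d.allowed else 'refuse'} ({d.reason})")
```

The check keeps the deprecated code path alive but gated: the default refuses the algorithm, a rollover in progress is recognised from the published DNSKEY RRset rather than from operator assertion alone, and even then the signer insists on an explicit setting and logs a warning on every use.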

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
