>On the other hand, if it issued annoying warning messages every time it >used a SHA1 key, I'd eventually notice and probably rotate the keys. > >I'm with Peter, I do not see a MUST NOT as requiring vendors or operators >to do stupid stuff.
For my understanding, do you mean to say that if we publish that a signer MUST NOT generate signatures using algorithms 5 and 7, then the signer can just do that if it generates and annoying warning each time you sign? To me that sounds more like a SHOULD NOT. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop