On 3/16/2017 12:38 AM, Doug Barton wrote:
I can't help finding this discussion funny, as I proposed prior to the
-bis docs that we make RSA-SHA256 mandatory, and SHA1 optional; for
the simple reason that it was overwhelmingly likely that the root
would be signed with the former, making it as cl
I can't help finding this discussion funny, as I proposed prior to the
-bis docs that we make RSA-SHA256 mandatory, and SHA1 optional; for the
simple reason that it was overwhelmingly likely that the root would be
signed with the former, making it as close to mandatory to implement as
possible
On 3/15/2017 6:26 AM, Roy Arends wrote:
In the spirit of being constructive, we (Jakob Schlyter, Matt Larson and I)
have written a small draft (draft-arends-dnsop-dnssec-algorithm-update) that
does two things:
it changes RSASHA1 from “Must Implement” to “Recommended to Implement”.
(RSASHA1 is