[dns-operations] .edu domain algorithm recommendation
Doug Barton
dougb at dougbarton.us
Tue Aug 17 17:53:37 UTC 2010
[ snippage ]
On 08/17/2010 04:17, Rose, Scott W. wrote:
> RSA/SHA-256 is relatively new, so not a lot of validators understand
> it yet. It's considered superior (NIST recommends it over RSA/SHA-1
> for PKI), but there is a lot of older code out there that doesn't
> understand it. To those resolvers, your zone would be provably
> insecure - just like traditional DNS.
... and the root.
> - there isn't enough validation to really justify starting with an
> older algorithm.
+1
Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
More information about the dns-operations
mailing list