[dns-operations] .edu domain algorithm recommendation

Doug Barton dougb at dougbarton.us
Tue Aug 17 17:53:37 UTC 2010

[ snippage ]

On 08/17/2010 04:17, Rose, Scott W. wrote:

> RSA/SHA-256 is relatively new, so not a lot of validators understand
> it yet.  It's considered superior (NIST recommends it over RSA/SHA-1
> for PKI), but there is a lot of older code out there that doesn't
> understand it. To those resolvers, your zone would be provably
> insecure - just like traditional DNS.

... and the root.

> - there isn't enough validation to really justify starting with an
> older algorithm.




	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

	Computers are useless. They can only give you answers.
			-- Pablo Picasso

More information about the dns-operations mailing list