[dns-operations] thoughts on DNSSEC
Chris Thompson
cet1 at cam.ac.uk
Wed Jul 25 14:08:13 UTC 2012
On Jul 25 2012, Francis Dupont wrote:
> In your previous mail you wrote:
>
>> What about always using both types of DS record? Why does everyone
>> publish both SHA-1 and SHA-256 digests? RFC 4509 is more than 6
>> years old.
>
>=> in fact perhaps it is the right time to jump to SHA-256 only?

One data point: of 89 TLDs with DS records in the root zone,

   5 use type 1 (SHA-1) only [they are BR, MM, NA, PR, TH]
  47 use both types 1 and 2
  37 use type 2 (SHA-256) only

--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
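
A tally like the one in this message can be reproduced from a copy of the root zone in master-file format. The following is an added example, not part of the original post: the sample records, owner names and function names are constructed for illustration, and it assumes one record per line with an explicit owner name.

```python
from collections import defaultdict

DIGEST_HEX_LEN = {1: 40, 2: 64}  # DS digest type 1 = SHA-1, type 2 = SHA-256
LABELS = {frozenset({1}): "type 1 only", frozenset({2}): "type 2 only",
          frozenset({1, 2}): "both types 1 and 2"}

# Constructed sample; owner names, key tags and digests are made up.
SAMPLE_ZONE = "\n".join([
    "tld-a. 86400 IN DS 1111 8 1 " + "A1" * 20,
    "tld-a. 86400 IN NSEC tld-b. NS DS RRSIG NSEC",   # DS in a type bitmap only
    "tld-b. 86400 IN DS 2222 8 1 " + "B1" * 20,
    "TLD-B. 86400 IN DS 2222 8 2 " + "B2" * 16 + " " + "B2" * 16,
    "tld-c. 86400 IN DS 3333 8 2 " + "C2" * 32 + " ; comment",
    "tld-d. 86400 IN DS 4444 8 2 " + "D2" * 20,       # wrong length for type 2
])

def ds_types_by_owner(zone_text):
    """Return ({owner: set of digest types}, [owners with a malformed DS])."""
    types, malformed = defaultdict(set), []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        upper = [f.upper() for f in fields]
        # Assumes one record per line with an explicit owner name. Looking for
        # the type only in fields 1..3 skips NSEC/RRSIG lines that mention DS.
        if "DS" not in upper[1:4]:
            continue
        owner = fields[0].lower().rstrip(".")
        rdata = fields[upper.index("DS", 1) + 1:]   # key tag, alg, type, digest
        try:
            dtype, digest = int(rdata[2]), "".join(rdata[3:])
            int(digest, 16)                          # must be hexadecimal
        except (IndexError, ValueError):
            malformed.append(owner)
            continue
        if len(digest) != DIGEST_HEX_LEN.get(dtype, len(digest)):
            malformed.append(owner)
            continue
        types[owner].add(dtype)
    return types, malformed

def tally(zone_text):
    """Group owners the way the post does, plus 'other' for any other mix."""
    types, malformed = ds_types_by_owner(zone_text)
    groups = {label: [] for label in LABELS.values()}
    groups["other"] = []
    for owner, seen in sorted(types.items()):
        groups[LABELS.get(frozenset(seen), "other")].append(owner)
    return groups, malformed

if __name__ == "__main__":
    groups, malformed = tally(SAMPLE_ZONE)
    for label, owners in groups.items():
        print(f"{len(owners):3d} {label}: {', '.join(owners)}")
    print("malformed DS:", malformed)
```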