[dns-operations] SHA-1 and DNSSEC validation
Tony Finch
dot at dotat.at
Fri Feb 14 17:29:58 UTC 2020
I've posted a follow-up to my article last month about SHA-1 chosen prefix
collisions and DNSSEC. This discusses DNSSEC validation:
https://www.dns.cam.ac.uk/news/2020-02-14-sha-mbles.html
Summary:
DNSSEC validators should continue to treat SHA-1 signatures as secure
until DNSSEC signers have had enough time to perform algorithm rollovers
and eliminate SHA-1 from the vast majority of signed zones.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire, South Utsire, Forties, Cromarty: Southerly 6 to gale 8,
occasionally severe gale 9 except in South Utsire, veering southwesterly 4 to
6 for a time. Rough or very rough, occasionally moderate. Rain or showers.
Good, occasionally poor.
More information about the dns-operations
mailing list