[dns-operations] SHA-1 and DNSSEC validation

Tony Finch dot at dotat.at
Fri Feb 14 17:29:58 UTC 2020


I've posted a follow-up to my article last month about SHA-1 chosen prefix
collisions and DNSSEC. This discusses DNSSEC validation:

https://www.dns.cam.ac.uk/news/2020-02-14-sha-mbles.html

Summary:

DNSSEC validators should continue to treat SHA-1 signatures as secure
until DNSSEC signers have had enough time to perform algorithm rollovers
and eliminate SHA-1 from the vast majority of signed zones.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Viking, North Utsire, South Utsire, Forties, Cromarty: Southerly 6 to gale 8,
occasionally severe gale 9 except in South Utsire, veering southwesterly 4 to
6 for a time. Rough or very rough, occasionally moderate. Rain or showers.
Good, occasionally poor.


More information about the dns-operations mailing list