[dns-operations] help with a resolution
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Jan 10 18:07:02 UTC 2020
On Fri, Jan 10, 2020 at 08:09:20PM +0530, Mukund Sivaraman wrote:
> > > If there is a default, it should promptly change to 8 or 13.
> >
> > I will prioritize it.
>
> This work has been merged now in Loop, to match the recommendations of
> RFC 8624:
>
> * dnssec-keygen by default creates ECDSAP256SHA256 keys
> * dnssec-dsfromkey by default generates DS with SHA-256 and SHA-384 digests
> * dnssec-dsfromkey cannot be used to create DS with a SHA-1 digest
> * dnssec-keygen -3 argument has been removed (redundant with -a)
> * dnssec-dsfromkey -1 and -2 arguments have been removed (redundant with -a)
> * Documentation and tests were updated for the above
This is welcome news. Many thanks.
--
Viktor.
More information about the dns-operations
mailing list