[dns-operations] SHA-1 (algs 5 and 7), planning to switch to something non-deprecated?

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Jan 29 06:33:15 UTC 2020


Are any DNS operators reading this post, especially those hosting many
customer domains currently signed with DNSKEY algorithms 5 or 7 (really
anything less than 8), planning to move to 13, 8 or 10 in the near
future (<= 90 days)?

I was hoping to start seeing a decline in the number of domains using
the deprecated algorithms and it's not happening as yet at any
noticeable scale.  This of course takes time to plan and execute, so
perhaps I am worried too early, but if folks are planning to continue
along as before, I am curious why and for how long...

-- 
    Viktor.



More information about the dns-operations mailing list