Mike Bishop via Datatracker <[email protected]> writes:

Hi Mike,

Thanks for the comments. Some responses inline:

> CURRENT: DNSSEC [RFC9364] originally [RFC3110] made extensive use of
> SHA-1 as a cryptographic hash algorithm in RRSIG and Delegation Signer
> (DS) records, for example.
>
> CONSIDER: DNSSEC [RFC9364] originally [RFC3110] made extensive use of
> SHA-1, for example as a cryptographic hash algorithm in RRSIG and
> Delegation Signer (DS) records.
>
> "are now" => "have become"

Changed! (you're the second to suggest it, thanks)

> Section 2:
>
> "MAY wish to" requires an RFC6919 reference (see
> https://datatracker.ietf.org/doc/html/rfc6919#section-6) and associated
> boilerplate. Instead, "MAY" is sufficient here. However, that seems in
> direct contradiction to the MUST in the first sentence. Is the intended
> sense here that implementations MUST retain the ability to validate, but
> SHOULD/MAY disable it by default?

The first sentence is in reference to implementers, and the second operators ("deployed"). So they are indeed different. I've dropped the "wish to" though. Thanks for pointing that out.

--
Wes Hardaker
USC/ISI

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
