In your letter dated Mon, 04 Aug 2025 10:34:48 -0700 you wrote: >It came from this PR from Tim: > >https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-must-not-sha1/pull/11/files > >Which was done in order to make the sha1 draft match the gost draft's wording.
That may have been a mistake. With Ghost, It is perfectly fine to treat zones as insecure. However, as the draft says "Validating resolver implementations ([RFC9499] section 10) MUST continue to support validation using these algorithms as they are diminishing in use but still actively in use for some domains as of this publication." _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
