No, it would cause insecure to be returned for the planet. Insecure is not a resolution failure. -- Mark Andrews
> El 13 sept 2025, a las 16:04, Wes Hardaker <[email protected]> escribió: > > Philip Homburg <[email protected]> writes: > >> We have two sentences. The first decribes how RSHSHA1* is in active >> use and has to be supported by validating resolver implementations. >> >> The second sentence says that operators have to disable support for >> RSHSHA1*. > >> I'm not sure who is going to be happy with this document. Software vendors >> have to support algorithms that operators are instructed to disable. Why? > > That is correct and by design. Because we're in the process of > switching it off, but not yet at the place where we can totally remove > it from implementations. Thus, the guidance is to operators to say > "stop using this" but for implementations, until the operators actually > really finally do stop, it needs to keep its implementation status as > available. > > This is an annoying state to be in certainly, but the alternatives would > cause resolution failures for at least a small fraction of the planet. > >> There is another inconsistency that is not resolved. The IANA considerations >> has the following: > > I read your description of the problem, but don't think there is one > based on your description. So I'll come back and read it again later > once I'm less jet-lagged. > -- > Wes Hardaker > Google > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
