[dnsext] Signing the root with SHA-1 by Sep 1st
William Allen Simpson <william.allen.simpson@gmail.com> Sat, 08 August 2009 18:24 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 43EA428C0E6; Sat, 8 Aug 2009 11:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.495
X-Spam-Level:
X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwLv7YevW+EW; Sat, 8 Aug 2009 11:24:38 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 84F393A6A5F; Sat, 8 Aug 2009 11:24:37 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MZqVb-000Jsd-OY for namedroppers-data0@psg.com; Sat, 08 Aug 2009 18:19:11 +0000
Received: from [209.85.211.201] (helo=mail-yw0-f201.google.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <william.allen.simpson@gmail.com>) id 1MZqVY-000JsI-Cc for namedroppers@ops.ietf.org; Sat, 08 Aug 2009 18:19:09 +0000
Received: by ywh39 with SMTP id 39so467891ywh.32 for <namedroppers@ops.ietf.org>; Sat, 08 Aug 2009 11:19:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=aKv5czvxqIFPXNAorx80aJJ3CLXoWpeCHLPVKvuZwNM=; b=bjL343yEhsLuX2fFhmirT7oAbZD+hPDeRdhpRlGXWdiCH+/JW+Ne8iSKRWZJ6UEPaA xMBsWCwOxaVaOvd6EVTjdgHzvQgyUmSV/rAqXdYZAZlzB25CGNqStVKM/S3Ntq+xSY2z /bk8odWfuSsoOnRjMK2egDP1DT+uAhnrfVc5M=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=L3FPZW0B1+yuJdm/o+2yyVaWczMaKdOF8JjP3xelMofDpBsYyGBi+1MAlETKaELb72 lKI5kVJMPfXqgZlsQlaMlVl5FFGeHFh46fupBSSUFnnIbRwnZVqFKOiWhnpDd/NmAaVz aeZ1ZuvlXpf6fwvBu9Y9Hu6/PUT+4gOoMpWo0=
Received: by 10.90.67.20 with SMTP id p20mr2096121aga.63.1249755547491; Sat, 08 Aug 2009 11:19:07 -0700 (PDT)
Received: from Wastrel.local (c-68-42-73-61.hsd1.mi.comcast.net [68.42.73.61]) by mx.google.com with ESMTPS id 38sm6453129agd.9.2009.08.08.11.19.06 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 08 Aug 2009 11:19:06 -0700 (PDT)
Message-ID: <4A7DC199.9040700@gmail.com>
Date: Sat, 08 Aug 2009 14:19:05 -0400
From: William Allen Simpson <william.allen.simpson@gmail.com>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: namedroppers@ops.ietf.org
Subject: [dnsext] Signing the root with SHA-1 by Sep 1st
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
The original subject "Signing the root with SHA-1 or SHA-2" seems to have diverged, but after re-reading the thread, it seems there is fairly strong consensus to run with SHA-1, exercising algorithm rollover later. I'm proposing Sep 1st. My rationale is that educational institutions will be started, or ready to start shortly thereafter. They are already dealing with new students, and help desks will be able to give strong feedback on any problems. Likewise, many/most businesses will have their staff back from holidays. Finally, it's a Tuesday. I've always found it best to roll out changes on Tuesday, as it gives plenty of customer feedback time during the week. Mondays are often consumed with catching up on any operational problems over the weekend. Tuesday is better. 02:00 UTC is my favorite, although anytime after 00:00 UTC usually works OK. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] Signing the root with SHA-1 by Sep 1st William Allen Simpson
- Re: [dnsext] Signing the root with SHA-1 by Sep 1… Jeffrey A. Williams
- [dnsext] Re: Signing the root with SHA-1 by Sep 1… William Allen Simpson
- Re: [dnsext] Re: Signing the root with SHA-1 by S… Paul Vixie
- Re: [dnsext] Re: Signing the root with SHA-1 by S… bmanning