[DNSOP] New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt (fwd)

[Tony Finch <dot@dotat.at>]

The aim of this is to deprecate SHA-1 algorithms 5 and 7 more vigorously.
I've put in a fairly specific timetable for sake of argument, basically to
set up the death of SHA-1 as next year's DNS "flag day", unless some
clever cryptanalysis forces it to happen sooner.

I'm afraid it's a rough first pass: I haven't given it a read-through
and cleanup, because watching Flash Gordon was more fun.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
ALL CREATURES WILL MAKE MERRY UNDER PAIN OF DEATH

---------- Forwarded message ----------
Date: Mon, 09 Mar 2020 15:55:05 -0700
From: internet-drafts@ietf.org
To: Tony Finch <dot@dotat.at>
Subject: New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt


A new version of I-D, draft-fanf-dnsop-sha-ll-not-00.txt
has been successfully submitted by Tony Finch and posted to the
IETF repository.

Name:		draft-fanf-dnsop-sha-ll-not
Revision:	00
Title:		Hardening DNSSEC against collision weaknesses in SHA-1 and other cryptographic hash algorithms
Document date:	2020-03-09
Group:		Individual Submission
Pages:		18
URL:            https://www.ietf.org/internet-drafts/draft-fanf-dnsop-sha-ll-not-00.txt
Status:         https://datatracker.ietf.org/doc/draft-fanf-dnsop-sha-ll-not/
Htmlized:       https://tools.ietf.org/html/draft-fanf-dnsop-sha-ll-not-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-fanf-dnsop-sha-ll-not


Abstract:
   DNSSEC deployments have often used the SHA-1 cryptographic hash
   algorithm to provide authentication of DNS data.  This document
   explains why SHA-1 is no longer secure for this purpose, and
   deprecates its use in DNSSEC signatures.  This document updates RFC
   8624.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat