26 Sep 2023, 9:43 a.m.
Viktor Dukhovni ietf-dane@dukhovni.org writes:
Many Red Hat systems no longer support the SHA1 DNSSEC algorithms 5 and 7 and your domain is "insecure" for validating resolvers running on these systems.
This was a Red Hat-specific bug affecting validating resolver operations. It should be fixed by https://access.redhat.com/errata/RHBA-2022:8279
RSASHA1 validation is not optional. It's still a MUST: https://datatracker.ietf.org/doc/html/rfc8624#section-3.1
(and anyone who believes that's wrong should work to update the standard, not violate it. You'd think players like Red Hat knew that)
Bjørn