It is time to move off DNSSEC algorithms 5 and 7, to 8 or preferably 13 (10 is also fine, but not widely used).

The recent chosen-prefix attacks on SHA-1 make algorithms 5 and 7 fragile when some zone data is from outside parties.


· Mastodon Twitter Crossposter · 0 · 0 · 0
Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!