Deprecating DNSSEC algorithms 5 (RSASHA1) and 7 (RSASHA1-NSEC3-SHA1)
Viktor Dukhovni calls for migrating away from DNSSEC algos 5 and 7 (RSA with SHA1), as SHA1 is now damaged.
Presently, the DANE survey database shows ~230 thousand domains using algorithms 5 and 7. It would be great to see this number substantially reduced over the coming months.
Get instructions on how to migrate a DNSSEC algorithm:
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!