Deprecating DNSSEC algorithms 5 (RSASHA1) and 7 (RSASHA1-NSEC3-SHA1)

Viktor Dukhovni calls for migrating away from DNSSEC algos 5 and 7 (RSA with SHA1), as SHA1 is now damaged.

Presently, the DANE survey database shows ~230 thousand domains using algorithms 5 and 7. It would be great to see this number substantially reduced over the coming months.

Get instructions on how to migrate a DNSSEC algorithm:

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!