|
|
|||||||
| General software and network General OS-independent software and network questions, X11, MTA, routing, etc. |
 |
|
|
Thread Tools | Display Modes |
24th January 2020
|
|||
|
|||
[/!\] DNSSEC : dont use anymore SHA-1! [/!\]
Hi, all.
In 2020/01/17, the APNIC wrote an article about "SHA-1 prefix collisions and DNSSEC". If you manage yourself your(s) DNS zones with DNSSEC, and use SHA-1, change absolutly your config parameters and regenerate all yours KSK and ZSK keys. Segun the RFC 8624, the recommandations are: => for the DNSKey algorithms: - not less than RSASHA256, with 2048 bit keys. - or ECDSAP256SHA256 - the better is ED25519 or ideally ED448 => for the DS and CDS algorithms: - SHA-256 - or ideally SHA-384 source 
|
|
| Tags |
| collision, dns, dnssec, sha1 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| There's No Protection In High Ports Anymore, Son. If Indeed There Ever Was. | J65nko | News | 6 | 19th February 2013 01:54 AM |
| upgrade all ports while i sleep, dont bug me | xmorg | FreeBSD Ports and Packages | 3 | 23rd October 2011 03:39 PM |
| Can't passwd on all accounts anymore | ck2323 | FreeBSD General | 1 | 7th October 2009 03:28 AM |
| Printer dont take rights | mururoa | FreeBSD General | 3 | 5th October 2009 12:54 PM |
| sendmail dont boot | dejabu18 | FreeBSD Ports and Packages | 0 | 8th October 2008 02:07 PM |
Linear Mode
