[Dnssec-deployment] Is RSASHA256 mature enough for a TLD?

Joe Abley joe.abley at icann.org
Fri Jun 11 16:36:19 EDT 2010

On 2010-06-11, at 15:51, Edward Lewis wrote:

> I'm looking for the conventional wisdom on whether we should use 
> RSASHA1 or RSASHA256 for our next zone to sign.  Trying to avoid 
> starting a key mgt instance on RSASHA1 and then having to roll to 
> RSASHA256 in the near future.
> I see the DURZ uses RSASHA256...but no one can validate it for some 
> reason. (;))

ARPA also uses RSASHA256.


More information about the Dnssec-deployment mailing list