NLnetLabs / dnst

A DNS administration toolbox including re-implementations of important ldns programs
BSD 3-Clause "New" or "Revised" License

Change fallback for digest algorithm in dnst key2ds from SHA-1 to SHA-256? #32

Open mozzieongit opened 5 days ago

mozzieongit commented 5 days ago

Is using SHA-1 as the fallback a good idea? If new algorithms were to get introduced and we forget to update the above list, they would fall back to using SHA-1, right?

_Originally posted by @mozzieongit in https://github.com/NLnetLabs/dnst/pull/2#discussion_r1820792987_

Regarding https://github.com/NLnetLabs/dnst/blob/main/src/commands/key2ds.rs#L224-L235

tertsdiepraam commented 5 days ago

Alternatively, we could remove the fallback altogether, asking the user to pick something.