On 2/13/19 3:51 AM, Alice Wonder wrote:
> I see you are using algorithm 7 - I would recommend switching to
> either algorithm 13 or at least to 8.
>
> Algorithm 7 uses a SHA1 hash.
>
> See https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update-04
>
> That's a draft but soon will be an update to the standard.
>
> Algorithm 13 (ECDSAP256SHA256) results in much smaller keys and
> signatures and is equivalent to about RSA-3072 in strength, and it
> uses a SHA-256 hash.
>
> However note that changing algorithms will result in validation
> failure for a few days unless done carefully.

Okay thanks. Whatever problems it might cause I think the Alaskan Malamute Assistance League can deal with for a day or two. Seeing as I already caused a problem last weekend I see no reason not to repeat this weekend! But at least I can give some warning :)

> As long as you don't change your KSK that information will not change.

I kind of figured this out on my own this morning when I woke up around 7AM MST. I guess I wanted to turn a molehill into a mountain.

Thank you so much for your help Alice.

--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
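
Why an algorithm change can fail validation unless done carefully, as an added example that is not part of the original thread: RFC 4035 section 2.2 requires the DNSKEY RRset to be signed with every algorithm in the parent's DS RRset, and every signed RRset to carry a signature for every algorithm in the DNSKEY RRset. This Python check applies both rules to constructed records for example.org and flags SHA-1 algorithms; the function names and all sample data are assumptions made for illustration.

```python
# Added example. SAMPLE is constructed (a zone caught mid-rollover from 7 to 13),
# not the poster's zone. Keys, digests and signatures are placeholders.
NAMES = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 13: "ECDSAP256SHA256"}
SHA1_ALGS = {5, 7}

SAMPLE = """\
example.org. 3600 IN DS 12345 7 2 ABCD
example.org. 3600 IN DS 54321 13 2 EF01
example.org. 3600 IN DNSKEY 257 3 7 KEY7
example.org. 3600 IN DNSKEY 257 3 13 KEY13
example.org. 3600 IN RRSIG DNSKEY 7 2 3600 20190301000000 20190201000000 12345 example.org. SIG
example.org. 3600 IN RRSIG DNSKEY 13 2 3600 20190301000000 20190201000000 54321 example.org. SIG
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN RRSIG A 7 2 3600 20190301000000 20190201000000 12345 example.org. SIG
"""

def parse(text):
    """Collect algorithm numbers from DS, DNSKEY and RRSIG records (presentation format)."""
    ds, dnskey, sigs = set(), set(), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        rtype, rdata = f[3], f[4:]
        if rtype == "DS":            # keytag algorithm digest-type digest
            ds.add(int(rdata[1]))
        elif rtype == "DNSKEY":      # flags protocol algorithm key
            dnskey.add(int(rdata[2]))
        elif rtype == "RRSIG":       # type-covered algorithm ...
            sigs.setdefault(rdata[0], set()).add(int(rdata[1]))
    return ds, dnskey, sigs

def audit(text):
    """Return findings; RRsets with no RRSIG at all are outside this check."""
    ds, dnskey, sigs = parse(text)
    findings = []
    for alg in sorted((ds | dnskey) & SHA1_ALGS):
        findings.append(f"algorithm {alg} ({NAMES[alg]}) relies on SHA-1")
    for alg in sorted(ds - sigs.get("DNSKEY", set())):
        findings.append(f"DS lists algorithm {alg} but DNSKEY RRset is not signed with it")
    for covered, algs in sorted(sigs.items()):
        for alg in sorted(dnskey - algs):
            findings.append(f"{covered} RRset has no RRSIG for DNSKEY algorithm {alg}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```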