Vladimír Čunát <vladimir.cunat@nic.cz> hat am 20. Mai 2018 um 00:16 geschrieben:

On 05/19/2018 11:50 PM, dptrash@arcor.de wrote:
> I am using ecdsap256sha256 as algorithm. Why does the KSK DNSKEY > (=257) use as digest type SHA1 (=1) and not SHA256 (=2)?
Technically, the DNSKEY algorithm is independent of the DS algorithm used on it, I believe, though some combinations make less sense than others.  Your example seems more of a question for jdnssec-tools - why they choose SHA1 and not another one.

--Vladimir