I meannnnnn it’s actually probably mostly fine. There’s some analysis basically concluding the known attacks against SHA-1 don’t really apply to DNSSEC, but, yea, not great.
Oddbean new post about login | logout