--- Begin Message ---
Eric Germann wrote on 2021-05-17 20:34:
> I have a question regarding multiple signings. I’ve seen some domains
> sign with multiple algorithms (8 and 13 specifically).
>
> How does a validating resolver choose which signature to use? First
> available? Stronger crypto? Both have to be valid through the chain?
> Random?
The resolver attempts validation of all signatures (for which it has
algorithm support) until it finds one that validates correctly. One
valid signature suffices.
Regards,
Matt
--- End Message ---
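
The selection behaviour described in the reply, as an added Python example that is not part of the original message. It assumes a hypothetical resolver that supports only algorithm 8 (RSA/SHA-256), a toy key constructed for the demo, and a plain byte string standing in for the signed data; real validators sign the canonical RRset plus RRSIG fields and also check key tag and validity period.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: demo only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(data: bytes) -> bytes:
    """PKCS#1 v1.5 encoding of SHA-256(data), the scheme used by algorithm 8."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rsa_sign(data: bytes) -> bytes:
    return pow(int.from_bytes(_encode(data), "big"), D, N).to_bytes(K, "big")

def rsa_verify(data: bytes, sig: bytes) -> bool:
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == _encode(data)

def validate(rrset: bytes, rrsigs, verifiers):
    """Try each (algorithm, signature) the resolver supports; stop at the first valid one."""
    tried = 0
    for alg, sig in rrsigs:
        verify = verifiers.get(alg)
        if verify is None:        # no algorithm support: skip this signature
            continue
        tried += 1
        if verify(rrset, sig):    # one valid signature suffices
            return "validated", alg
    return ("no valid signature" if tried else "no supported algorithm"), None

# Constructed sample data: a stand-in byte string for the signed RRset.
RRSET = b"example.test. 3600 IN A 192.0.2.1"
GOOD8 = rsa_sign(RRSET)
BAD8 = bytes([GOOD8[0] ^ 1]) + GOOD8[1:]   # corrupted algorithm 8 signature
ALG13 = b"\x00" * 64                       # placeholder bytes, never verified here
RSA_ONLY = {8: rsa_verify}                 # hypothetical resolver without algorithm 13

if __name__ == "__main__":
    print(validate(RRSET, [(13, ALG13), (8, GOOD8)], RSA_ONLY))
    print(validate(RRSET, [(8, BAD8), (13, ALG13)], RSA_ONLY))
```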
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations