> On Dec 20, 2024, at 05:17, Shumon Huque <shu...@gmail.com> wrote:
>> On Wed, Dec 18, 2024 at 3:07 AM Peter Thomassen <pe...@desec.io> wrote:
>> Multi-signer capabilities on both systems are only needed if one can't
>> import the old system's signatures into the new one (e.g., when
>> online-signing), or if one wants to make zone changes during the transition.
>
> And yet, those are both critical features for many folks. It would certainly
> rule out many zones I operate - that use dynamic signing, and that are highly
> volatile (hundreds of updates per minute and where we cannot suspend updates
> for any period of time).
> Our protocol mechanisms should be able to address all possible use cases
> deployed in the field, not a subset.
I agree with Shumon. These are both common use-cases, particularly the latter,
and multi-signer mechanisms must accommodate them if they’re to be relevant.
-Bill
Please consider the environment before using AI to process this email.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
