I agree with Joe's advice to limit the spec to what you need to interoperate. It's a good idea to allow algorithm rollover, but I don't think it's useful to try and guess how people might implement it, or to try to invent a way to send back failure reports.
>NEW: > >4.1. Verifying Multiple Digests > > If multiple digests are present in the zone, e.g., during an > algorithm rollover, at least one of the recipient's supported Digest > Type algorithms MUST verify the zone. I don't see how that's a MUST. What else could you do? > If multiple digests are present in the zone, it is up to the > recipient to decide how many to check. The zone digest is valid > if at least one of the digests can be verified. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
