Hiya,
On 31/12/2020 21:48, Eric Rescorla wrote:
1. Don't allocate a code point at all
2. Allocate the code point but in some manner that makes clear
we don't endorse it (effectively what TLS does for algorithms
like this)
3. Allocate the code point without comment
FWIW, I kind of agree with ekr, both as to the options and on my current preference to not too easily loosen up for DNSSEC. That said, I wonder as to the actual deployment of algs that we'd not recommend, especially given the relative scarcity of DNSSEC signing. Does anyone have a pointer to survey-like material that has a focus on rarer algorithms in DNSSEC? One reason to ask is that from a first glance it looks to me like .ru isn't using gost, which would be telling, if correct. To be clear: I don't think spending much time debating how to handle algs for an infinitesimal number of zones is that worthwhile, so that'd be another reason to prefer the status quo, if that is the case. Thanks, S.
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
