On 22 Oct 2021, at 12:13, Wes Hardaker wrote:
Peter van Dijk <peter.van.d...@powerdns.com> writes:
It remains to be debated whether these ideas that you shouldn't use
unless you have to should eventually be published as an RFC.
I'm torn on this one. Sometimes going insecure is what has to happen,
and for those cases, operational guidance is good to have.
Thanks Peter. I agree completely on the "I'm torn" feeling.
We can’t ignore the fact that going insecure in order to do a DNSSEC
algorithm rollover happens and sometimes happens in ways that result in
errors. Having a documented way that will cause the least amount of
headaches seems wise. Domain operators may do it regardless of the
caveats in place, but hopefully do it without causing resolution
failures.
Scott
--
Wes Hardaker
USC/ISI
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
=================
Scott Rose, NIST/CTL
scott.r...@nist.gov
ph: +1-301-975-8439
GVoice: +1-571-249-3671