On Fri, 2021-10-22 at 12:44 -0400, Rose, Scott W. wrote: > On 22 Oct 2021, at 12:13, Wes Hardaker wrote: > > > Peter van Dijk <peter.van.d...@powerdns.com> writes: > > > > > > It remains to be debated whether these ideas that you shouldn't use > > > > unless you have to should eventually be published as an RFC. > > > > > > I'm torn on this one. Sometimes going insecure is what has to happen, > > > and for those cases, operational guidance is good to have. > > > > Thanks Peter. I agree completely on the "I'm torn" feeling. > > We can’t ignore the fact that going insecure in order to do a DNSSEC > algorithm rollover happens and sometimes happens in ways that results in > errors. Having a documented way that will cause the least amount of > headaches seems wise. Domain operators may do it regardless of the > caveats in place, but hopefully do it without causing resolution > failures.
"Anything worth doing is worth doing well." I've been pondering whether this document would work, fully fleshed out, but never hitting RFC status - a web search would still find it. But then again, at least once a week I tell people "no, that's an expired draft, the WG did not want that" So, I'm starting to lean strongly towards publication. Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
