Thanks Libor, I'm planning to create an overview of all the feedback and proposed solutions to our issues we've had since IETF113 (including your proposal), discuss that with the co-authors, and then post that to dnsop together with an announcement that we're working on this.
Cheers, -- Willem Op 30-03-2022 om 16:58 schreef libor.peltan: > Hi dnsop, Yorgos, Willem, Roy, > I really like this idea of dry-run DNSSEC. I think it could really help > new DNSSEC adopters. > > The evidently weird thing of the proposal is the displacement of DS > digest field into the first byte of DS hash field, in order to free up > space for dry-run signalling. This will cause difficulties in human > readability of resulting DS. The obvious counter-proposal would be to > simply take the most-significant bit of the DS digest field (set to 1 > for dry-run), which would take 128 of available DS digest numbers > (instead of just one), but wouldn't otherwise introduce any > inconsistencies in DS format. As only four are taken so far, it seems > viable to me. > > Should we (dnsop) discuss this specific matter, or even poll? > > Thanks, > Libor > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
