Hi,

I was wondering about RFC9276 which says: "SHOULD NOT use salt", while RFC5155 section 7.1. says:
"If a hash collision is detected, then a new salt has to be chosen, and the signing process restarted."

Now I know it is *very* unlikely to see a collision when signing a zone, but is this perhaps the reason why the iterations count MUST be 0, while a salt SHOULD NOT be used, so that a salt remains legal to use?

If so, it would be nice to mention that reason, maybe in an errata (if extra explanation is allowed to be added in an errata). Are there maybe other considerations why one is a MUST and the other a SHOULD NOT?

Thanks,

-Otto

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
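
The collision check quoted from RFC 5155 section 7.1, sketched as an added example that is not part of the original message: every owner name is hashed with no salt and 0 iterations, and a new salt is chosen only if two different names hash alike. The names `hash_zone` and `forced_collision`, the sample zone, the restart limit and the 8-byte salt length are assumptions made for the illustration.

```python
import base64
import hashlib
import os

# Map the RFC 4648 base32 alphabet onto base32hex, which NSEC3 owner names use.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercased) wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex="", iterations=0):
    """RFC 5155 hash (SHA-1): H(name || salt), re-hashed `iterations` more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii").lower()

def hash_zone(names, hash_fn=nsec3_hash, max_restarts=3):
    """Hash all owner names with no salt and 0 iterations; on a collision,
    choose a new salt and restart, as RFC 5155 section 7.1 describes."""
    salt_hex = ""
    for _ in range(max_restarts + 1):
        owners = {}  # hashed owner name -> original name in wire format
        for name in names:
            original = wire_name(name)
            hashed = hash_fn(name, salt_hex, 0)
            if owners.setdefault(hashed, original) != original:
                break  # two different names share one hash
        else:
            return salt_hex, owners
        salt_hex = os.urandom(8).hex()  # assumption: 8 random bytes of salt
    raise RuntimeError("collisions persisted after %d restarts" % max_restarts)

# Constructed sample zone; "EXAMPLE." is the same name as "example.", not a collision.
SAMPLE_NAMES = ["example.", "a.example.", "ns1.example.", "EXAMPLE."]

def forced_collision(name, salt_hex, iterations):
    """Constructed stand-in hash that collides only while the salt is empty."""
    return "0" * 32 if not salt_hex else nsec3_hash(name, salt_hex, iterations)

if __name__ == "__main__":
    print("salt with SHA-1:", repr(hash_zone(SAMPLE_NAMES)[0]))
    print("salt after forced collision:", hash_zone(SAMPLE_NAMES, forced_collision)[0])
```

The stand-in hash exists only to exercise the restart path, since a real SHA-1 collision between owner names cannot be produced on demand.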