On 14 Feb 2024, at 13:46, Edward Lewis <edward.le...@icann.org> wrote:

> On 2/14/24, 04:40, "DNSOP on behalf of Petr Špaček" <dnsop-boun...@ietf.org
> on behalf of pspa...@isc.org> wrote:
>
>> In my mind this is good enough reason to outlaw keytag collisions -
>> without them it would be _much_ easier to implement reasonable limits
>> without risk of breaking legitimate clients.
>
> That would make key tags meaningful. ;--)
>
> The question is how, in a multi-signer friendly way.

To be honest it feels like there are as many opportunities for accidents by imposing restrictions on publishing duplicate keytags as there are by consuming them. Your text summarised a few of them quite nicely, Ed, without even considering the new opportunities for failure due to the interplay between systems following any new rules that might be imposed and those that don't.

Is the triggering incident not just another cautionary note that we learn from? Why is this particular incident a sign that we need to change the protocol when so many others have not been?

These seem like questions that deserve convincing answers before jumping ahead to how a new restriction might be structured.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop