On Feb 29, 2024, at 20:33, Arnold DECHAMPS <arn...@adechamps.net> wrote: > > > Is it still a concern enough that they justify continuing using those tags > instead of the full key?
The full key is not there. There is only a key tag. Are you proposing a wire format change to DNSSEC that puts the full key there? That would be hard and slow to deploy and use up value bytes of the limited +/- 1400 bytes. > Wouldn't that limit the risk of collision? At a price, yes. Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop