On Feb 29, 2024, at 20:33, Arnold DECHAMPS <arn...@adechamps.net> wrote:
> 
> 
> Is it still a concern enough that they justify continuing using those tags 
> instead of the full key?

The full key is not there. There is only a key tag. Are you proposing a wire 
format change to DNSSEC that puts the full key there? That would be hard and 
slow to deploy and use up value bytes of the limited +/- 1400 bytes.

> Wouldn't that limit the risk of collision?

At a price, yes.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to