On 1 Mar 2024, at 16:44, Philip Homburg <pch-dnso...@u-1.phicoh.com> wrote:
>>> Wouldn't that limit the risk of collision?
>>
>> At a price, yes.
>
> Technically only a SHA-2 hash of the key would need to be there. If somebody
> can create a SHA-2 hash collision then the world has bigger problems than
> a DoS on DNSSEC validation.

So really what you're suggesting is that we change the keytag algorithm to something that has a lower chance of collisions.

It's a shame that the design of keytags didn't anticipate a need for algorithm agility.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
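
An added example, not part of the original message: the RFC 4034 Appendix B key tag computed next to a SHA-256 digest of the same DNSKEY RDATA, with a validator-side check that reports key tags shared by distinct keys in an RRset. The `sha256_id` helper is a hypothetical stand-in for the hash-based identifier discussed above, and the RDATA values are constructed filler bytes, not real keys.

```python
import hashlib
from collections import defaultdict

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag: a 16-bit checksum over DNSKEY RDATA.
    (Algorithm 1, RSA/MD5, uses a different rule and is not handled here.)"""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def sha256_id(rdata: bytes) -> str:
    """Hypothetical alternative identifier: SHA-256 over the same RDATA."""
    return hashlib.sha256(rdata).hexdigest()

def colliding_tags(rrset):
    """Return {key_tag: [rdata, ...]} for tags shared by distinct keys."""
    by_tag = defaultdict(set)
    for rdata in rrset:
        by_tag[key_tag(rdata)].add(rdata)
    return {tag: sorted(keys) for tag, keys in by_tag.items() if len(keys) > 1}

# Constructed DNSKEY RDATA (not real keys): flags=257, protocol=3,
# algorithm=13, then 64 filler bytes standing in for the public key.
HEADER = bytes([0x01, 0x01, 0x03, 0x0D])
KEY_A = HEADER + bytes(range(64))
# KEY_B carries the same 16-bit words as KEY_A in a different order, so the
# additive checksum is identical while the key material differs.
KEY_B = HEADER + bytes([2, 3, 0, 1]) + bytes(range(4, 64))
KEY_C = HEADER + bytes(range(64, 128))
RRSET = [KEY_A, KEY_B, KEY_C]

if __name__ == "__main__":
    for tag, keys in colliding_tags(RRSET).items():
        print(f"key tag {tag} is shared by {len(keys)} distinct keys:")
        for rdata in keys:
            print("  sha256:", sha256_id(rdata))
```

A validator that finds an entry in `colliding_tags` cannot pick the right key from the tag alone and has to try each candidate, which is the extra work the thread is concerned about; the SHA-256 identifiers of the same keys stay distinct.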