In your letter dated Fri, 1 Mar 2024 15:42:49 -0500 you wrote: >Offlist because I don=E2=80=99t want to feed the flames, but: > >>=20 >> 2) Operators of validators don't want customer facing errors due resource >> limit constraits. So they set them generous enough that it works for >> real traffic. Nobody knows what happens during a new attack. >> 3) Some content providers are quite creative with the way they use DNS. >> So the limits need to high enough to accomodate them. > >Why do you give operators and content providers a freebie but not signers ?
That's not my intent. I think it is more that signers are less visible. A validator does not see how a zone is signed. A validator only sees the contents of the zone, not where the keys are located. So any resource contraints probably don't reflect what signers do other than to accomodate whatever shows up as the output. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
