On Sat, 20 Apr 2024, Peter Thomassen wrote:
The authors certainly don't insist, but we'd need to pick a suitable
replacement for the "_signal" label.
John proposed "_dnssec-signal" elsewhere in this thread.
The authors would like to note that adding "_dnssec-" eats up 8 more bytes,
increasing chances that bootstrapping will fail due to the
_dsboot.<domain-name>._dnssec-signal.<nsname> length limitation. Other than
this (unnecessary?) use case narrowing, this choice seems fine.
That said, does this choice address your concerns?
It would, but I would also be okay if it is just _dnssec.
The main question then is to get implementations updated. I'm thus copying a
few implementers so they can comment w.r.t. making this change in their
implementation. I suppose that barring their objections, it's fine to go
ahead?
I feel less sympathy there because I brought this up a long time ago :)
But also, implementations are all young and new and I think it is still
pretty easy to change.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop