It would look like a regular DS. The only difference would be that the first byte of the digest would contain the sub type. This is just internal structure of the digest. -- Mark Andrews
> On 18 Jul 2024, at 14:11, libor.peltan <libor.pel...@nic.cz> wrote: > > Hi, > > Dne 17. 07. 24 v 2:18 Mark Andrews napsal(a): >> It is possible to have only burn a single DS Digest Type Algorithm and >> support >> multiple future algorithms by encoding the actual DS Digest Type Algorithm as >> the first byte of the current digest field. > > This is certainly possible, but I think both approches have their > dis/advantages. > > I guess having the dry-run DS and regular DS look equivalent would be more > comprehensible to DNSSEC beginners. > > I seem to remember this discussion has already been performed. If the authors > considered both approaches and decided for the burning-algorithm method, they > might want to summarize the arguments in the draft. > > Libor > _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org