It would look like a regular DS. The only difference would be that the first 
byte of the digest would contain the sub type.   This is just internal 
structure of the digest. 
-- 
Mark Andrews

> On 18 Jul 2024, at 14:11, libor.peltan <libor.pel...@nic.cz> wrote:
> 
> Hi,
> 
> Dne 17. 07. 24 v 2:18 Mark Andrews napsal(a):
>> It is possible to have only burn a single DS Digest Type Algorithm and 
>> support
>> multiple future algorithms by encoding the actual DS Digest Type Algorithm as
>> the first byte of the current digest field.
> 
> This is certainly possible, but I think both approches have their 
> dis/advantages.
> 
> I guess having the dry-run DS and regular DS look equivalent would be more 
> comprehensible to DNSSEC beginners.
> 
> I seem to remember this discussion has already been performed. If the authors 
> considered both approaches and decided for the burning-algorithm method, they 
> might want to summarize the arguments in the draft.
> 
> Libor
> 

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org

Reply via email to