On 26/07/2024 02:43, Paul Hoffman wrote:
There is a mismatch here. If the worry is an attacker creating colliding key
tags to cause more work, that attacker is simply going to ignore the MUST
requirement.
I believe the idea is that with that MUST in place, validators can error
out on collisions.
But I do want to see a flag day for validators (either failing on the
first or second collision) for all algorithms.
-- Yorgos
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
