On 26/07/2024 02:55, Shumon Huque wrote:
> On Thu, Jul 25, 2024 at 5:50 PM Yorgos Thessalonikefs <yor...@nlnetlabs.nl> wrote:
>> On 26/07/2024 02:43, Paul Hoffman wrote:
>>> There is a mismatch here. If the worry is an attacker creating colliding key tags to cause more work, that attacker is simply going to ignore the MUST requirement.
>>
>> I believe the idea is that with that MUST in place, validators can error out on collisions.
>> But I do want to see a flag day for validators (either failing on the first or second collision) for all algorithms.
>
> Yes, that possibility is listed in the draft too (require non colliding key tags for existing algorithms too at some future flag date).

Indeed. Since it is phrased as a question in the document I wanted to state my support!
-- Yorgos
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org