On 26/07/2024 06:08, Paul Wouters wrote:
> On Jul 25, 2024, at 17:50, Yorgos Thessalonikefs <yor...@nlnetlabs.nl> wrote:
>> But I do want to see a flag day for validators (either failing on the first or
>> second collision) for all algorithms.
>
> No flag days. DNS on devices shouldn’t just start failing for no good reason
> other than running software from before an arbitrary flag day. Can we please
> stop proposing flag days in DNS.
> Obvious simple counter measures have been proposed. Let’s just do that.

I agree to both actually.
Simple counter measures like failing after the first/second collision.
For the flag day for validators, it is going to push pressure on the
signing part.
Old validators will still do what they currently do but new ones can
fail after the simple countermeasure above.
Or do you refer to signing software when you are saying "DNS on devices"?
-- Yorgos
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org