Even if we were to go with one failure is allowed we still need to
write down the new rules and there will be complaints that we are
retrospectively changing the rules.  This is grandfathering in the
old rules for the old algorithms.

Write a BCP, not a standard disallowing key id clashes.

Right. We all know that flag days never happen, so that resolvers will always have to include too many keytags or signatures in the list of things to limit the work. So remind people that there's going to be a limit, and if you are smart your zones won't go anywhere near it, and move on.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org