> On Jul 26, 2024, at 20:02, Paul Wouters <p...@nohats.ca> wrote:
>
>> On Jul 26, 2024, at 16:08, Mark Andrews <ma...@isc.org> wrote:
>>
>> Even if we were to go with one failure is allowed we still need to
>> write down the new rules and there will be complaints that we are
>> retrospectively changing the rules. This is grandfathering in the
>> old rules for the old algorithms.
>
> Write a BCP, not a standard disallowing key id clashes.
>
> Paul
>
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-le...@ietf.org

+1 to that

Most of the problems that resolvers have are a direct result of “bad practices” by zone publishers; stop putting more rules on resolvers and give them “fig leaves” to reject early.
In this case the only real solution at protocol level is to say “Zone with alg+keyTag collision SHOULD/MUST be treated as BOGUS”.

Grumpy
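Added example, not part of the thread: a publisher-side check that computes the key tag from RFC 4034 Appendix B for each DNSKEY and reports any algorithm+keyTag pair shared by more than one distinct key. The function names and the sample key bytes are constructed for illustration and are not valid public keys.

```python
import struct
from collections import defaultdict


def key_tag(flags, protocol, algorithm, public_key):
    """Key tag over DNSKEY RDATA as defined in RFC 4034 Appendix B."""
    if algorithm == 1:
        # RSA/MD5 uses a different tag definition (RFC 4034 Appendix B.1).
        raise ValueError("algorithm 1 is not handled by this example")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low.
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def find_collisions(dnskeys):
    """Map (algorithm, key_tag) -> set of distinct keys, for clashes only."""
    groups = defaultdict(set)
    for flags, protocol, algorithm, public_key in dnskeys:
        tag = key_tag(flags, protocol, algorithm, public_key)
        groups[(algorithm, tag)].add((flags, protocol, public_key))
    return {pair: keys for pair, keys in groups.items() if len(keys) > 1}


# Constructed sample data. KEY_B is KEY_A with two 16-bit words swapped,
# which leaves the checksum-style tag unchanged.
KEY_A = bytes.fromhex("0001000200030004")
KEY_B = bytes.fromhex("0002000100030004")
KEY_C = bytes.fromhex("1111222233334444")

SAMPLE_RRSET = [
    (256, 3, 13, KEY_A),
    (256, 3, 13, KEY_B),  # clashes with KEY_A: same algorithm, same tag
    (256, 3, 13, KEY_C),
    (256, 3, 8, KEY_A),   # other algorithm, so it is a different pair
]

if __name__ == "__main__":
    for (alg, tag), keys in find_collisions(SAMPLE_RRSET).items():
        print(f"alg={alg} keyTag={tag}: {len(keys)} distinct keys")
```

Run against the candidate DNSKEY set before publishing a new key; on a clash, generate a replacement key instead of publishing the colliding one.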