On 30/07/2024 09.41, libor.peltan wrote:
Anyway, it can realistically take decades before any new algorithms seize some good portion of DNSSEC. In other words, that flag day has already silently passed.
I don't think that's a helpful point in time. I assume the main target of this RFC is defending against intentional DoS attacks, and the attackers will choose what's best for them. That is, the usefulness horizon here would be when all other algorithms can be reasonably marked as unsupported by validators, so that's even further in future. (but the achievable length is hard to predict, depends on motivation of various parties)
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
