On Oct 12, 2024, at 09:20, Steve Crocker <st...@shinkuro.com> wrote:

> You wrote, "You cannot use two algorithms to sign or delegate at the same
> time." If there are two or more independent signers for a zone -- see RFC
> 8901 -- then multiple algorithms might be in use at the same time.
>
> I think there is some wording that says the algorithms must be the same, I
> believe there is an effort to remove that restriction. If there are multiple
> signers, each of them will likely change the algorithm it uses, so it's
> necessary to permit the concurrent use of distinct algorithms.

This would mean that the draft's use of "MUST" means "MUST be one of these". If so, that should be stated. But even if that is so, it still contradicts the idea there can be both MUST and RECOMMENDED or MAY in the column.

> With respect to MUST, etc., I'm not a big fan of these designations in this
> context, but the terms are deeply embedded in the RFC culture and impossible
> to avoid. That said, both 8624-bis and our lifecycle document anticipate
> there may be multiple acceptable algorithms to use at any one time. Indeed,
> in order to support transitions from one algorithm to another, use of
> multiple algorithms concurrently is necessary.

If those words don't work for us, then we can make up different words. Or use symbols that translate to rules that are not inherently self-contradictory.

--Paul Hoffman