On 2024-10-15 07:49 -07, Wes Hardaker <wjh...@hardakers.net> wrote: > Paul Hoffman <paul.hoff...@icann.org> writes: > >> In specific, "Use for DNSSSEC Signing" and "Use for DNSSSEC >> Delegation" do not make sense if there is more than one "MUST" in that >> column. You cannot use two algorithms to sign or delegate at the same >> time. > > Thank you for the analysis. I think there are three (obvious) paths forward: > > 1. Define what MUST means in the context for the Use columns. > 2. Use RECOMMENDED instead. > 3. Only allow a single MUST in the Use column because that's what we > want people to really use (which does sound more like a SHOULD). IE, > if we believe ideally there should be one cryptographic algorithm > deployed to simplify the deployed base, we could pick this route. I > doubt it would be popular though, as we already have a fractured > ecosystem and it is generally working. > > Feedback from the WG appreciated :-)
#2 makes sense to me. -- In my defence, I have been left unsupervised. _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
