Re: KSK signing zone records

2021-09-01 Thread raf via bind-users
On Thu, Sep 02, 2021 at 11:15:32AM +1000, Mark Andrews wrote:
> The primary reason that it is per algorithm is that validators and
> signers are not required to support the same sets of algorithms and
> if you want validation to work for everyone the zone has to be fully
> signed for each algorit

Re: KSK signing zone records

2021-09-01 Thread Mark Andrews
The primary reason that it is per algorithm is that validators and signers are not required to support the same sets of algorithms and if you want validation to work for everyone the zone has to be fully signed for each algorithm that you state that it is signed for, i.e. published in the DS RRset

Re: KSK signing zone records

2021-09-01 Thread raf via bind-users
On Wed, Sep 01, 2021 at 03:04:56PM +0100, Tony Finch wrote:
> raf via bind-users wrote:
> > On Mon, Aug 30, 2021 at 10:13:05AM -0700, Chris Buxton
> > wrote:
> >
> > > What algorithm(s) are you using for ZSK and KSK? If they’re not the
> > > same algorithm, then both will be used to sign the e

Re: KSK signing zone records

2021-09-01 Thread Tony Finch
raf via bind-users wrote:
> On Mon, Aug 30, 2021 at 10:13:05AM -0700, Chris Buxton
> wrote:
>
> > What algorithm(s) are you using for ZSK and KSK? If they’re not the
> > same algorithm, then both will be used to sign the entire zone.
>
> Just out of curiosity, why is that?
> Isn't having the KSK