[DNSOP] Re: IDKEY and Keytrap

2024-07-24 Thread Philip Homburg
> And how is this different to migrating to IDKEY? The validator
> would need to support DS + IDDS + DNSKEY + IDKEY for a significant
> period. One can turn off support for algorithms without the new
> semantics. As for *SHA-1 many validators already treat those
> algorithms as unsupported. I'm

[DNSOP] Re: IDKEY and Keytrap

2024-07-23 Thread Mark Andrews
> On 23 Jul 2024, at 12:51, Philip Homburg wrote:
>
>> The ANRW talk "Protocol Fixes for KeyTrap Vulnerabilities" this
>> afternoon by Elias Heftrig, Haya Schulmann, Niklas Vogel, Michael
>> Waidner is proposing that there is a type roll for DS and DNSKEY.
>> I don't think this is needed. The on

[DNSOP] Re: IDKEY and Keytrap

2024-07-23 Thread Philip Homburg
> The ANRW talk "Protocol Fixes for KeyTrap Vulnerabilities" this
> afternoon by Elias Heftrig, Haya Schulmann, Niklas Vogel, Michael
> Waidner is proposing that there is a type roll for DS and DNSKEY.
> I don't think this is needed. The only change actually needed is to
> add a new requirement that s