Re: [DNSOP] [Ext] Re: About key tags

2024-02-12 Thread Edward Lewis
On 2/9/24, 20:37, "Wellington, Brian" wrote:
>The behavior was never added into any standards document because it has
>nothing to do with the standard.
True - but still it created a situation where operators could get snagged on something.
>If an implementation doesn’t support multiple keys wi

Re: [DNSOP] [Ext] Re: About key tags

2024-02-12 Thread Edward Lewis
On 2/9/24, 22:05, "Mark Andrews" wrote:
>The primary use of the key tag is to select the correct key to validate the
>signature from multiple keys.
Yes - which is great if 1) you need to pare down the potential set of keys into something you can handle (like, from 10's to 3) and 2) if you hav

Re: [DNSOP] Encourage by the operator ... Re: [Ext] Re: General comment about downgrades vs. setting expectations in protocol definitions

2024-02-12 Thread Edward Lewis
On 2/9/24, 11:02, "pch-b538d2...@u-1.phicoh.com on behalf of Philip Homburg" wrote: > One of the misconceptions in DNSSEC is that the zone administrator > is in control of the situation, dictating the state of signing, > the cryptography in use, and so on. DNSSEC is for the benefit

[DNSOP] Adding a URL ... Re: [Ext] Re: About key tags

2024-02-12 Thread Edward Lewis
I should have included this URL, pointing to the article (via Google Translate) saying the outage was rooted in a key tag collision...
https://www.rbc.ru/technology_and_media/07/02/2024/65c38fea9a794752176bd3a0
On 2/12/24, 08:50, "Edward Lewis" wrote:
On 2/9/24, 20:37, "Wellington, Brian

Re: [DNSOP] [Ext] Re: General comment about downgrades vs. setting expectations in protocol definitions

2024-02-12 Thread Ben Schwartz
Manu and I have now published a draft describing this "testing" flag: https://datatracker.ietf.org/doc/draft-manuben-svcb-testing-flag/ While we think this is relevant to DELEG, it is entirely independent and could be used in any SVCB setting (although it doesn't have any obvious utility for HT