On Sun, 2020-05-24 at 17:36 -0400, Paul Wouters wrote:
> I thought using keytag 0, which cannot happen normally, would allow
> you to leave algorithm and other values more real.

This comment made me curious. Why would that be true? So I generated
524726 keys equally split between algorithms 8, 13, and 15.

The result: 2 algo 13 keys with tag 0, 7 algo 15 keys with tag 0. I've
pasted them at
https://gist.github.com/Habbie/feb0bf288ea1137bee5a2c3d8913ba7f
(happy to provide the related private keys if anybody cares).

None for RSA, though, which I bet was predicted in the work behind
https://indico.dns-oarc.net/event/22/contributions/315/attachments/316/555/Quest_for_the_missing_keytags.pdf
and
https://ripe78.ripe.net/presentations/5-20190520-RIPE-78-DNS-wg-Keytags.pdf

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
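Added example, not part of the original message or of PowerDNS: the RFC 4034 Appendix B key tag computed over DNSKEY RDATA, with a search for a tag of 0 under algorithms 13 and 15. Assumptions: the public-key bytes are constructed stand-ins derived from a hash (right length, not real keys), and the names `standin_key` and `first_with_tag` are hypothetical.

```python
import hashlib
import struct

# Public key field length in DNSKEY RDATA: 64 octets for algorithm 13
# (ECDSA P-256, X | Y) and 32 octets for algorithm 15 (Ed25519).
KEY_LEN = {13: 64, 15: 32}


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (algorithm 1 uses a different rule)."""
    # Even-offset octets are the high byte of each 16-bit word, odd-offset
    # octets the low byte; the carry is folded back in once.
    acc = (sum(rdata[0::2]) << 8) + sum(rdata[1::2])
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire format: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def standin_key(algorithm: int, counter: int) -> bytes:
    """Constructed stand-in for a public key: hash output of the right length."""
    seed = f"constructed-{algorithm}-{counter}".encode()
    return hashlib.sha512(seed).digest()[:KEY_LEN[algorithm]]


def first_with_tag(algorithm: int, wanted: int = 0, flags: int = 256,
                   limit: int = 2_000_000):
    """Return (counter, rdata) for the first stand-in key whose tag == wanted."""
    for counter in range(limit):
        rdata = dnskey_rdata(flags, 3, algorithm, standin_key(algorithm, counter))
        if key_tag(rdata) == wanted:
            return counter, rdata
    return None


if __name__ == "__main__":
    for alg in (13, 15):
        found = first_with_tag(alg)
        if found is None:
            print(f"algorithm {alg}: no tag 0 within the search limit")
            continue
        counter, rdata = found
        print(f"algorithm {alg}: tag {key_tag(rdata)} after {counter + 1} tries")
        print(f"  rdata (hex): {rdata.hex()}")
```
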
