Peter van Dijk <[email protected]> wrote:
> On Tue, 2020-05-26 at 09:10 +0200, Ondřej Surý wrote:
> >
> > 1. Bit 7 of the Flags fields needs to be 0.
>
> Definitely [...] I noted earlier that whatever flags we might need, it's
> definitely *not* ZONE and SEP.
>
> > 2. This needs a new Protocol number
>
> I understand why you would say that, but I'd love to avoid doing that.
> I wonder how much 'IETF' pain specifying another protocol number would
> be, but what worries me more, ironically, is how it changes the format
> away from normal DNSSEC. The draft was written such that a lot of
> existing software needs no changes at all - I don't know if changing
> the protocol number is compatible with that goal.

This made me wonder if this pseudorecord should be a KEY instead, and then
I wondered how hard it would be to persuade existing code to generate a DS
from a KEY.

But anyway, this signalling and verification scheme sounds clever and neat.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Southeast Iceland: Southwesterly 5 to 7 at first in north, otherwise southerly
3 to 5. Moderate or rough, becoming moderate later. Drizzle and fog patches
later. Moderate or good, occasionally very poor later.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy