On Fri, 2020-05-29 at 11:31 -0400, Paul Wouters wrote: > > Note for DNSKEY algorithm, we could use 253 or 254: > > https://tools.ietf.org/html/rfc4034#appendix-A.1.1 > > DNS software might already support ignoring these algorithms without > adding too much noise to the DNSSEC validation process of having > "wrong" DNSKEY's.
PowerDNS does nothing specific for those numbers. A quick grep of the Unbound codebase suggests the same there. I wouldn't expect any noise from unknown algorithms - have you seen otherwise? Furthermore, 253 and 254 are specifically targeted at people/organisations/groups that do not want/cannot afford/... an IANA registration. In other words, people that don't want to go through the RFC process. I don't think that's the path we want to be going down here :) Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy