Hi Duane,

On Tue, 2020-07-14 at 22:13 +0000, Wessels, Duane wrote:
> Hi Peter,
> 
> While I remain neutral as to whether or not ds-dot-signal-and-pin is a good 
> idea overall, you can count me as one that thinks flags=257 is a bad idea.  I 
> don't think anything in 403[345] say that flags can be interpreted 
> differently depending on the algorithm or on the value of the Zone Signing 
> column.  

I agree, there is no 'legal' basis there, and our document aims to
avoid needing any new legal basis (or, rephrased, we aim to avoid
updating any existing RFCs if we can). I wanted to put 257 in -01
exactly to get some more feedback on the choices we have there. An
informal small scale survey around a few registrars with extensive
experience in a lot of TLDs suggested that 0 would not go over well,
but we don't actually have a lot of data. (We are collecting data at 
https://github.com/PowerDNS/parent-signals-dot/issues/22 if anybody
wants to chime in with more facts).

I would also much prefer flags=0.

> The document uses the phrase "DNSKEY algorithm" very often but I think you 
> really mean DNS Security Algorithm (or just algorithm).  For example, 
> 
>    more than one DS record with DNSKEY algorithm TBD
> 
> is better as just
> 
>    more than one DS record with algorithm TBD

Thanks! We've noted this at 
https://github.com/PowerDNS/parent-signals-dot/issues/37 and will
improve the wording for -02.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
