On Thu, Mar 27, 2014 at 01:15:00PM -0700,
Nicholas Weaver <[email protected]> wrote
a message of 75 lines which said:
> But fixing this going forward requires a 1-line change in the ZSK
> script:
I have nothing against longer keys but this sort of sentences ("DNSSEC
is simple, anyone can do it in five minutes") is a sure way to inflame
me. It is not sufficient to change the script, you also have to search
if it can break things later. A typical example would be the larger
response to the DNSKEY query. If changing the key size make it larger
than the MTU, it _may_ create problems.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
