On Mon, 2022-03-21 at 19:32 +0000, Paul Hoffman wrote:
> On Mar 21, 2022, at 11:34 AM, Wessels, Duane <[email protected]> wrote:
> > Is it in response to the DNS-OARC talk we saw about implementing PQC Falcon
> > in PowerDNS, and they used the next unused algorithm number rather than a
> > private algorithm?
>
> Nils could have picked 253 but probably didn't even think of looking down to
> the bottom of the list. He was just following the time-honored pattern in the
> IETF. :-)
(I am not speaking for Nils, to be clear.)

253 is not for experiments - it is for private production. It requires (as most of you might know) prefixing DNSKEY content with a private algorithm specifier that looks like a domain name (or, for 254, with an OID). This means if you were to use it for an experiment, your DNSKEY content, and thus signer and validation code, would need to be changed when you get a number assigned.

So, Paul, I support the idea behind your draft, but not the current wording. While more 253-like points might be somewhat useful, what we really need are experimental code points with non-253 semantics.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
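Worked example of the 253 encoding Peter describes, added here and not part of the thread or of PowerDNS: the DNSKEY key field carries a wire-format domain name in front of the key material, so the same key bytes produce different DNSKEY content (and need different signer and validator parsing) once a real algorithm number is assigned. The private algorithm name `falcon.example.`, the 4-byte key stub and the assigned number used in the test are constructed placeholders.

```python
import struct

# RFC 4034 A.1.1: algorithm 253 (PRIVATEDNS) puts an uncompressed wire-format domain
# name in front of the key material; 254 (PRIVATEOID) uses a length byte plus a BER OID.
PRIVATEDNS = 253

def encode_name(name: str) -> bytes:
    """RFC 1035 wire-format domain name, never compressed."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(data: bytes):
    """Return (name, bytes consumed); a compression pointer here means a malformed key."""
    labels, pos = [], 0
    while True:
        ln, pos = data[pos], pos + 1
        if ln == 0:
            return ".".join(labels) + ".", pos
        if ln >= 64 or pos + ln > len(data):
            raise ValueError("compression pointer or truncated private algorithm name")
        labels.append(data[pos:pos + ln].decode("ascii"))
        pos += ln

def dnskey_rdata(flags: int, algorithm: int, key: bytes, private_name: str = "") -> bytes:
    """DNSKEY RDATA (flags, protocol 3, algorithm, key); for 253 the name prefix is added."""
    if algorithm == PRIVATEDNS:
        key = encode_name(private_name) + key
    return struct.pack("!HBB", flags, 3, algorithm) + key

def split_key(rdata: bytes):
    """Parse DNSKEY RDATA into (algorithm, private algorithm name or None, raw key)."""
    _flags, _proto, algorithm = struct.unpack("!HBB", rdata[:4])
    body = rdata[4:]
    if algorithm == PRIVATEDNS:
        name, used = decode_name(body)
        return algorithm, name, body[used:]
    return algorithm, None, body

def reencode_after_assignment(rdata: bytes, assigned_algorithm: int) -> bytes:
    """Peter's point: once a number is assigned the prefix goes, so DNSKEY content changes."""
    _, _, raw_key = split_key(rdata)
    return dnskey_rdata(struct.unpack("!H", rdata[:2])[0], assigned_algorithm, raw_key)

# Constructed sample: a 4-byte stand-in for a Falcon public key under the made-up name.
SAMPLE_253 = dnskey_rdata(257, PRIVATEDNS, b"\x01\x02\x03\x04", "falcon.example.")
```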
