On 22/03/2022 09.56, Nils Wisiol wrote:
There was some internal discussion about using 17 vs 253, with the main argument for 253 being that this is the intended use case for 253 and the main argument for 17 being that worry that some resolver implementations could have special treatment for private algorithm numbers.
17 seems a little risky in the sense that it might get officially allocated in the next couple of years, even if you don't care about colliding with other experiments.
Knot Resolver does not have any special-casing here, I believe. Anything above 16 should always be unsupported algorithm, so downgraded to insecure (if no other supported combination is in the DS set).
--Vladimir | knot-resolver.cz _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
