Hi dnsop, Yorgos, Willem, Roy,
I really like this idea of dry-run DNSSEC. I think it could really help new DNSSEC adopters.

The evidently weird thing about the proposal is the displacement of the DS digest field into the first byte of the DS hash field, in order to free up space for dry-run signalling. This will cause difficulties in human readability of the resulting DS. The obvious counter-proposal would be to simply take the most-significant bit of the DS digest field (set to 1 for dry-run), which would take 128 of the available DS digest numbers (instead of just one), but wouldn't otherwise introduce any inconsistencies in the DS format. As only four are taken so far, it seems viable to me.

Should we (dnsop) discuss this specific matter, or even poll?

Thanks,
Libor


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
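
Added example (not part of the message above and not code from the draft): a DS RDATA decoder that handles both encodings the message compares, plus the text a dry-run-unaware tool would print for each. The dry-run digest type value 0xFF, the scheme names, the function names and the sample record are assumptions constructed for illustration.

```python
import hashlib
import struct
from typing import NamedTuple

DRY_RUN_BIT = 0x80          # counter-proposal: top bit of the digest type octet
DRY_RUN_TYPE = 0xFF         # constructed placeholder; the mail names no value
DIGEST_LEN = {1: 20, 2: 32, 4: 48}   # SHA-1, SHA-256, SHA-384 output sizes

class DS(NamedTuple):
    key_tag: int
    algorithm: int
    digest_type: int
    dry_run: bool
    digest: bytes

def parse_ds(rdata: bytes, scheme: str) -> DS:
    """Decode DS RDATA (key tag, algorithm, digest type, digest) under one scheme."""
    if len(rdata) < 5:
        raise ValueError("DS RDATA too short")
    key_tag, alg, dtype = struct.unpack("!HBB", rdata[:4])
    digest, dry = rdata[4:], False
    if scheme == "msb":                      # flag and real type share one octet
        dry, dtype = bool(dtype & DRY_RUN_BIT), dtype & 0x7F
    elif scheme == "displaced":              # real type moved into the digest field
        if dtype == DRY_RUN_TYPE:
            dry, dtype, digest = True, digest[0], digest[1:]
    else:
        raise ValueError("unknown scheme")
    want = DIGEST_LEN.get(dtype)
    if want is not None and len(digest) != want:
        raise ValueError("digest length does not match digest type")
    return DS(key_tag, alg, dtype, dry, digest)

def legacy_text(rdata: bytes) -> str:
    """Presentation format as printed by a tool that knows nothing of dry-run."""
    key_tag, alg, dtype = struct.unpack("!HBB", rdata[:4])
    return f"{key_tag} {alg} {dtype} {rdata[4:].hex().upper()}"

# Constructed sample: SHA-256 (type 2) digest of made-up bytes, not a real DNSKEY.
SAMPLE_DIGEST = hashlib.sha256(b"constructed DNSKEY stand-in").digest()
HEAD = struct.pack("!HB", 12345, 13)
MSB_RDATA = HEAD + bytes([2 | DRY_RUN_BIT]) + SAMPLE_DIGEST
DISPLACED_RDATA = HEAD + bytes([DRY_RUN_TYPE, 2]) + SAMPLE_DIGEST

if __name__ == "__main__":
    for name, rdata in (("msb", MSB_RDATA), ("displaced", DISPLACED_RDATA)):
        print(f"{name:9} {legacy_text(rdata)[:30]}...  ->", parse_ds(rdata, name)[:4])
```

In the displaced form the legacy text shows the placeholder type and a digest one octet longer that starts with 02; in the most-significant-bit form the digest is unchanged and only the type reads 130 instead of 2.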
