> On 10 Oct 2022, at 20:17, Brian Dickson <[email protected]> wrote:
>
> One question about the third iteration itself that I have: Is the mandatory
> element "3" (the protocol field in DNSKEY record) related to this being the
> third iteration?

It is not. RFC 3445 explains it in detail, and closes the KEY (and DNSKEY) protocol registry. These values indicate that a KEY could be used for various applications. IIRC 1 was for email, 2 for IPSEC, 3 for DNSSEC, 4 for TLS. The issue was (again IIRC) that multiple application keys and DNSSEC keys at an APEX would increase the response size to a level that would require fallback to TCP. Since application keys could simply have their own RRTYPE, this subtyping was unnecessary.

Roy

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
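
As an added illustration that is not part of the original message: a validator can enforce the fixed protocol value when it reads a DNSKEY, following the RDATA layout in RFC 4034 (flags, protocol, algorithm, public key). The function names and the four-octet sample key are constructed for this example.

```python
import base64
import struct

DNSSEC_PROTOCOL = 3   # RFC 4034 section 2.1.2: the Protocol field MUST be 3
ZONE_KEY = 0x0100     # flags bit 7: key may be used to verify RRSIGs
SEP = 0x0001          # flags bit 15: secure entry point hint


def key_tag(rdata: bytes) -> int:
    """Key tag over wire-format RDATA (RFC 4034 appendix B, not algorithm 1)."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_dnskey(text: str) -> dict:
    """Parse 'flags protocol algorithm base64-key' and decide usability."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError("expected: flags protocol algorithm public-key")
    flags, protocol, algorithm = (int(f) for f in fields[:3])
    if not (0 <= flags <= 0xFFFF and 0 <= protocol <= 0xFF
            and 0 <= algorithm <= 0xFF):
        raise ValueError("numeric field out of range")
    public_key = base64.b64decode("".join(fields[3:]), validate=True)
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key

    # A key failing either check must not be used to verify signatures.
    problems = []
    if protocol != DNSSEC_PROTOCOL:
        problems.append(f"protocol {protocol} is not {DNSSEC_PROTOCOL}")
    if not flags & ZONE_KEY:
        problems.append("Zone Key flag is clear")
    return {
        "flags": flags, "protocol": protocol, "algorithm": algorithm,
        "sep": bool(flags & SEP), "key_tag": key_tag(rdata),
        "usable": not problems, "problems": problems,
    }


if __name__ == "__main__":
    # Constructed records; "AQIDBA==" is the toy key 01 02 03 04, not a real key.
    for record in ("257 3 13 AQIDBA==", "257 2 13 AQIDBA==", "0 3 13 AQIDBA=="):
        print(record, "->", parse_dnskey(record))
```
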
