> On 29 Feb 2024, at 07:59, Edward Lewis <[email protected]> wrote:
> 
> On 2/27/24, 17:09, "DNSOP on behalf of John Levine" <[email protected] 
> on behalf of [email protected]> wrote:
> 
>>   The kind of load is different but in each case the client needs to
>>   limit the amount of work it's willing to do. We can forbid it in the
>>   protocol but unless you have better contacts at the Protocol Police
>>   than I do, people will do it anyway.
> 
> I side with John Levine's line of reasoning, that the solution is defending 
> against taking on too much work (in this case, the validator caps its effort 
> - in whatever way is appropriate).  It would be futile to prevent key tag 
> collisions from happening via a protocol change as a malicious actor is not 
> bounded by specifications.
> 
> If it is forbidden in the protocol, it might still happen.

Ed, your reasoning is off.  The point of forbidding is to allow the validator 
to safely stop as soon as possible when it is under attack.

> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [email protected]
