On Feb 28, 2024, at 13:25, Mark Andrews <[email protected]> wrote: > The point of forbidding is to allow the validator to safely stop as soon as > possible when it is under attack.
If that is the point, why not just document that a validator is allowed to do that, such as if it sees three matching keytags? That seems much more direct. --Paul Hoffman _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
