> On Jul 26, 2024, at 20:02, Paul Wouters <[email protected]> wrote:
> 
> 
> 
>> On Jul 26, 2024, at 16:08, Mark Andrews <[email protected]> wrote:
>> 
>> 
>> Even if we were to go with one failure is allowed we still need to
>> write down the new rules and there will be complaints that we are
>> retrospectively changing the rules.  This is grandfathering in the
>> old rules for the old algorithms.
> 
> Write a BCP, not a standard disallowing key id clashes.
> 
> Paul
> 
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

+1 to that.
Most of the problems that resolvers have are a direct result of “bad practices”
by zone publishers. Stop putting more rules on resolvers and give them “fig
leaves” to reject early.

In this case the only real solution at the protocol level is to say “Zone with
alg+keyTag collision SHOULD/MUST be treated as BOGUS.”

Grumpy 
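
As an added illustration (not part of the original message, and not code from any resolver): a sketch of the early-reject check proposed above, computing key tags as in RFC 4034 Appendix B and flagging a DNSKEY RRset in which two distinct keys share the same algorithm and key tag. The function names and the 4-byte placeholder public keys are constructed for this example.

```python
import struct
from collections import defaultdict

def key_tag(flags, protocol, algorithm, public_key):
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B.

    Not valid for algorithm 1 (RSA/MD5), which derives the tag differently.
    """
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def find_collisions(dnskeys):
    """Map (algorithm, key tag) -> keys, for pairs shared by 2+ distinct keys."""
    groups = defaultdict(set)
    for flags, protocol, algorithm, public_key in dnskeys:
        tag = key_tag(flags, protocol, algorithm, public_key)
        groups[(algorithm, tag)].add((flags, protocol, algorithm, public_key))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def early_reject(dnskeys):
    """Hypothetical policy hook: True if the RRset has an alg+keyTag collision."""
    return bool(find_collisions(dnskeys))

# Constructed sample RRset: placeholder key material, not real public keys.
# The first two keys differ only in the order of their 16-bit words, so the
# checksum-style key tag comes out identical for both.
SAMPLE_RRSET = [
    (257, 3, 13, bytes.fromhex("01020304")),
    (257, 3, 13, bytes.fromhex("03040102")),
    (257, 3, 13, bytes.fromhex("0a0b0c0d")),
]

if __name__ == "__main__":
    for (alg, tag), keys in find_collisions(SAMPLE_RRSET).items():
        print(f"collision: algorithm={alg} keytag={tag} keys={len(keys)}")
    print("reject early:", early_reject(SAMPLE_RRSET))
```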
 