We should stop using the expression “algorithm roll”. It’s add an additional algorithm and remove an algorithm. The two events can take place years apart.
Neither of these is really scary. It’s calling it a “roll” that makes it scary.

--
Mark Andrews

> On 9 Jul 2025, at 22:54, Paul Wouters <p...@nohats.ca> wrote:
>
> On Jul 9, 2025, at 04:03, Mark Andrews <ma...@isc.org> wrote:
>>
>> BIND has had code to prevent collisions in single signer scenarios since the
>> very beginning. It also has the ability to specify key tag ranges that
>> multi-signers can use to prevent key tag collisions between independent
>> key generators.
>
> Awesome! Do our multi signer drafts/RFC have this advice too?
>
>> One could deprecate all existing algorithms the moment replacement code
>> points exist. Code point changes don’t take long to deploy.
>
> I think operators in general prefer eating a container of vegemite over doing
> an algorithm rollover. 😀 The big operators will be fine but the smaller ones
> will strongly avoid this as long as possible.
>
> Paul
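The key tag range idea mentioned in the quoted message, as an added sketch that is not BIND's code and not part of the thread: each independent key generator only accepts keys whose RFC 4034 Appendix B key tag falls inside its own range. The function names, the split of the tag space between two signers, and the random bytes standing in for a real public key are assumptions.

```python
import os
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, per RFC 4034 Appendix B (not for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low octet.
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire format: flags (2), protocol (1, always 3), algorithm (1), key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def generate_in_range(tag_min, tag_max, in_use=frozenset(),
                      flags=257, algorithm=13, max_tries=10000):
    """Retry key generation until the tag is in [tag_min, tag_max] and unused.

    Hypothetical helper: os.urandom(64) stands in for generating a real
    key pair and exporting its 64-byte public key.
    """
    for _ in range(max_tries):
        rdata = dnskey_rdata(flags, algorithm, os.urandom(64))
        tag = key_tag(rdata)
        if tag_min <= tag <= tag_max and tag not in in_use:
            return tag, rdata
    raise RuntimeError("no key with a tag in the assigned range was found")

def generate_many(count, tag_min, tag_max):
    """Generate `count` keys for one signer with no tag reuse inside its range."""
    tags = set()
    while len(tags) < count:
        tag, _ = generate_in_range(tag_min, tag_max, in_use=frozenset(tags))
        tags.add(tag)
    return tags

if __name__ == "__main__":
    # Constructed split: signer A owns the lower half, signer B the upper half.
    signer_a = generate_many(3, 0, 32767)
    signer_b = generate_many(3, 32768, 65535)
    print("signer A tags:", sorted(signer_a))
    print("signer B tags:", sorted(signer_b))
    print("collisions:", signer_a & signer_b)
```

Because the ranges are disjoint, the two generators never need to see each other's keys to avoid a tag collision.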