It appears that Philip Homburg <[email protected]> said:
>At home, I sign some of my domains with shell scripts around ldns-signzone.
>Those shell scripts do not avoid collisions. There is no easy way to avoid
>collisions and I suspect something will go terribly wrong when a collision
>occurs.

Like what? I also use the ldns scripts, and I don't see any problem if a KSK and ZSK happen to have the same tag. I do put the KSKs and ZSKs in different directories, so there isn't a filename collision problem, but that adds perhaps one line to the signing script.

When keytrap came up last year I looked at the signed zones in large TLDs and found about 100 collisions. All of those zones worked fine as far as I could tell.

This is a non-solution in search of a non-problem. Let's drop it, please.

R's,
John
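
An added example, not part of the original message or of the ldns scripts: it computes the RFC 4034 Appendix B key tag and reports keys in a set that share one, so a signing script can see a KSK/ZSK collision before the key files are written. The zone name, the key bytes (constructed, not real keys) and the `K<zone>+<alg>+<tag>` file naming are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes, protocol: int = 3) -> bytes:
    """DNSKEY RDATA wire format: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except the obsolete 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of a 16-bit word, odd offsets the low byte.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def key_basename(zone: str, algorithm: int, rdata: bytes) -> str:
    """Assumed file naming: K<zone>+<alg>+<tag>; flags are not part of the name."""
    return f"K{zone}+{algorithm:03d}+{key_tag(rdata):05d}"

def find_collisions(keys):
    """keys: iterable of (label, rdata). Returns {tag: [labels]} for shared tags."""
    by_tag = defaultdict(list)
    for label, rdata in keys:
        by_tag[key_tag(rdata)].append(label)
    return {tag: labels for tag, labels in by_tag.items() if len(labels) > 1}

# Constructed sample keys (algorithm 15 uses 32-byte public keys).
# The tag is a 16-bit checksum, so the +1 in the KSK flags (257 vs 256)
# is cancelled by a +1 in the last byte of the ZSK key material.
ALG = 15
KSK = dnskey_rdata(257, ALG, bytes(range(32)))
ZSK = dnskey_rdata(256, ALG, bytes(range(31)) + bytes([32]))
ZSK2 = dnskey_rdata(256, ALG, bytes(32))
KEYSET = [("ksk", KSK), ("zsk", ZSK), ("zsk2", ZSK2)]

if __name__ == "__main__":
    for tag, labels in find_collisions(KEYSET).items():
        print(f"key tag {tag} shared by: {', '.join(labels)}")
    # Same basename for two different keys: one directory cannot hold both files.
    print(key_basename("example.", ALG, KSK), key_basename("example.", ALG, ZSK))
```

The colliding pair still differs in flags and key material, so a validator can tell the two keys apart by trying each candidate; only the file name is ambiguous.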
