Hi Libor,
Thanks for your reply.
Judging by the current RFCs, although RFC 6781 proposes two approaches, it
still specifically outlines how the conservative approach should be
implemented,which is compliant with RFC 4035.
Cathy
At 2026-05-12 22:31:22, "Libor Peltan" <[email protected]>
wrote:
Hi Cathy,
it is slightly puzzling me that one RFC (6781) encourages "loose
interpretation" (in fact, violation) of another RFC (4035).
I'd stick with what is called the "conservative approach" , until
draft-huque-dnsop-multi-alg-rules makes it to RFC (I wish!).
Libor
On 12. 05. 26 11:27, Cathy Zhang wrote:
Hi all,
RFC 6781 defines two modes for algorithm rollover: the conservative approach
and the liberal approach.
And the relevant description is given on page 29 of RFC 6781 as follows:
However, there are implementations of validators known to follow the
more conservative approach. Performing a Double-Signature KSK
algorithm rollover will temporarily make your zone appear as Bogus by
such validators during the rollover. Therefore, the rollover
described in this section will explain the stages of deployment and
will assume that the conservative approach is used.
Is this distinction still necessary today, or is it possible to adopt the same
approach as for ZSK/KSK rollover?
BR,
Cathy
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
