In your previous mail you wrote: > Two points that I request this WG to discuss are: > > 1. Sparsely TSIG signed TCP continuation messages (section 6.4 in draft)
=> I'd like to do this but it is not possible to change requirements for existing implementations so easily. I added a SHOULD for signing all messages so on the long term they should disapear.,, > 2. Truncated MACs => first they are optional so not required to be implemented/supported. Second I'd like to get the opinion from a cryptographer because I heard that truncated HMACs have some security benefits. Last of course they make messages shorter so have a clear operational advantage. Now I do not know if they are heavily used. If they are not we can consider to add a NOT RECOMMENDED for their implementation/support even it is not really in the scope of the document. Thanks francis.dup...@fdupont.fr _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop