On 20 Apr 2024, at 19:38, Paul Wouters wrote: > On Sat, 20 Apr 2024, Peter Thomassen wrote: > >> The authors certainly don't insist, but we'd need to pick a suitable >> replacement for the "_signal" label. >> >> John proposed "_dnssec-signal" elsewhere in this thread. >> >> The authors would like to note that adding "_dnssec-" eats up 8 more bytes, >> increasing chances that bootstrapping will fail due to the >> _dsboot.<domain-name>._dnssec-signal.<nsname> length limitation. Other than >> this (unnecessary?) use case narrowing, this choice seems fine. >> >> That said, does this choice address your concerns? > > It would, but I would also be okay if it is just _dnssec. >
If the concern is that the label is too generic, “_dnssec” might be too generic as well. If it is to be more precise, go with _ds-boot or something more specific to the use case. I don’t have an implementation in the mix, so it this isn’t a strong opinion. If the group agrees _dnssec is fine, then I am fine with it too. Scott ===================================== Scott Rose NIST/CTL/WND scott.r...@nist.gov ph: 301-975-8439 GoogleVoice: 571-249-3671 ===================================== _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop