This whole argument of weakest vs strongest was had years ago in DNSSEC and quite frankly is a waste of time trying to pick the strongest as you are often comparing apples and oranges.
DNSSEC validators just have a way to say "we no longer trust this algorithm" and once that is set all records with that algorithm are ignored when doing validation regardless of whether there is code to support that algorithm or not. DANE implementations need a way to do the same for matching type. Stop trying to over engineer this. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
