>We should recommend secure defaults and let users of DNS crudware harangue
>their vendors or find new ones that can support publishing secure keys.
>We’re also foreshadowing long key lengths next year.
Having been dealing with the crudware argument for a very long time* I can tell you that the chances of getting all the crudware fixed anytime soon are negligible, and nobody's going to change registrars because they can't publish 2K keys.

That's why I suggested we add EdDSA. It's, ah, crudware resistant.

R's,
John

* - see draft-levine-dnsextlang-09

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc