On Mon, Nov 30, 2015 at 05:29:53PM +0000, Wessels, Duane wrote:
> As I've said a number of times before, the edns-key-tag proposal is modelled
> after RFC 6975, which does the same thing for algorithms. If it works for
> algorithms why wouldn't it work for key tags?

Does it work? Has anyone deployed 6975? We have an experimental implementation of it in a development branch for BIND, but we decided not to release it because the benefits didn't seem commensurate with the extra complexity and packet size. I haven't checked to see whether any other implementations are using it.

We've certainly encountered operational difficulties when sending unknown EDNS opcodes to broken servers. Mark has been pushing hard on this issue, and things are getting better, but it's still a problem.

> > without needing the entire ecosystem to be upgraded
> > which this proposal requires.
>
> I disagree with this characterization that "the entire ecosystem" needs
> to be upgraded. Yes a non-key-tag-aware recursive won't know to forward
> the option, but this is true for all EDNS options.

But it isn't true for query names.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.