On Mon, 2022-03-28 at 12:23 +1100, Mark Andrews wrote:
> Please quote where it is stated that “private is not for
> experimentation”.
> 
> Private is private.  Do what you want with it as long as you identify
> the algorithm uniquely and that includes experimental
> implementations.

Hi Mark,

my understanding of 'private' is that I cannot have any expectations on
how the resolver will treat it. Hence, when experimenting with new
DNSSEC algorithms, 'private' is not the behavior I am interested in.
Instead, I am interested in how the resolver would treat my new algorithm
if it was assigned a (regular, non-private) code point.

Arguing that resolvers would behave the same on unknown code points and
private code points is difficult, as a large portion of users use
closed-source implementations. You said yourself that BIND "currently"
treats 253 as unknown; so different behavior is conceivable? This
uncertainty can be partially addressed by reserving some code points
for "unknown algorithms" behavior (rather than the semantics of 253).

While this will not solve all concerns with such studies, I'm not aware
of significant downsides to reserving more code points. (Other than
running out of numbers, do you have any other concern?)

Alternatively, people can just use unassigned numbers. I did that
recently, and my impression was that people read that as me trying to
create facts for a future official number assignment -- an impression
that I did not intend to make and would like to avoid in the future.

Best,
Nils


-- 
deSEC e.V. · Kyffhäuserstr. 5 · 10781 Berlin · Germany

Chair of the Board: Nils Wisiol
Register court: AG Berlin (Charlottenburg) VR 37525


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
