Hello all, We (Knot DNS) don't see any issue with updating our implementation if necessary. Personally I'm fine with the current format.
Daniel On 4/21/24 01:38, Paul Wouters wrote:
On Sat, 20 Apr 2024, Peter Thomassen wrote:The authors certainly don't insist, but we'd need to pick a suitable replacement for the "_signal" label. John proposed "_dnssec-signal" elsewhere in this thread.The authors would like to note that adding "_dnssec-" eats up 8 more bytes, increasing chances that bootstrapping will fail due to the _dsboot.<domain-name>._dnssec-signal.<nsname> length limitation. Other than this (unnecessary?) use case narrowing, this choice seems fine.That said, does this choice address your concerns?It would, but I would also be okay if it is just _dnssec.The main question then is to get implementations updated. I'm thus copying a few implementers so they can comment w.r.t. making this change in their implementation. I suppose that barring their objections, it's fine to go ahead?I feel less sympathy there because I brought this up a long time ago :) But also, implementations are all young and new and I think it is still pretty easy to change. Paul
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop