Hi all,
On the other hand, couldn't it actually be beneficial if the signalling
zone name is generic enough, and if (in theory on the future) it is
shared with possibly completely different signals, possibly unrelated to
DNSSEC?
With this in mind, I support the signalling label _signal. Otherwise, I
would prefer something of comparable (or even lower) length, not like
_dnssec-signal.
Libor
Dne 21. 04. 24 v 1:38 Paul Wouters napsal(a):
On Sat, 20 Apr 2024, Peter Thomassen wrote:
The authors certainly don't insist, but we'd need to pick a suitable
replacement for the "_signal" label.
John proposed "_dnssec-signal" elsewhere in this thread.
The authors would like to note that adding "_dnssec-" eats up 8 more
bytes, increasing chances that bootstrapping will fail due to the
_dsboot.<domain-name>._dnssec-signal.<nsname> length limitation.
Other than this (unnecessary?) use case narrowing, this choice seems
fine.
That said, does this choice address your concerns?
It would, but I would also be okay if it is just _dnssec.
The main question then is to get implementations updated. I'm thus
copying a few implementers so they can comment w.r.t. making this
change in their implementation. I suppose that barring their
objections, it's fine to go ahead?
I feel less sympathy there because I brought this up a long time ago :)
But also, implementations are all young and new and I think it is still
pretty easy to change.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org