On Tue, 8 Jul 2025, Paul Wouters wrote:
> A better solution would be for resolvers to detect when they are under keytag DoS, and then take countermeasures - not for the protocol to be changed and made more complicated.
Exactly. Malicious (or I suppose buggy) signers can publish colliding keytags, so resolvers have to defend against it. Changing the spec won't change that.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
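A resolver-side countermeasure of the kind discussed in this message, as an added example that is not part of the original e-mail or any resolver's own code: the key tag is computed per RFC 4034 Appendix B, and signature checks are capped per validation so colliding tags cannot multiply the work. The record tuples, the `validate` function, the cap of 8 and the sample keys are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed stand-ins for DNSKEY and RRSIG records; field names are this example's own.
DnsKey = namedtuple("DnsKey", "algorithm rdata")
RRSig = namedtuple("RRSig", "algorithm key_tag signature")

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (not algorithm 1)."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def validate(sigs, keys, verify, max_attempts=8):
    """Return (status, attempts). Signature checks are capped at max_attempts
    in total, so colliding key tags cannot multiply the crypto work."""
    attempts = 0
    for sig in sigs:
        for key in keys:
            if key.algorithm != sig.algorithm or key_tag(key.rdata) != sig.key_tag:
                continue  # cheap filter: only tag and algorithm matches cost crypto
            if attempts >= max_attempts:
                return "limit-exceeded", attempts  # treat as a validation failure
            attempts += 1
            if verify(key, sig):
                return "secure", attempts
    return "bogus", attempts

def colliding_keys(n):
    """Constructed sample: n distinct DNSKEY RDATAs sharing one key tag.
    Moving a single 1 among the even offsets keeps the 16-bit sum unchanged."""
    keys = []
    for i in range(n):
        body = bytearray(2 * n)
        body[2 * i] = 1
        keys.append(DnsKey(13, bytes([1, 0, 3, 13]) + bytes(body)))
    return keys

def demo():
    keys = colliding_keys(50)
    tag = key_tag(keys[0].rdata)
    sigs = [RRSig(13, tag, b"constructed-%d" % i) for i in range(50)]
    calls = []
    never_valid = lambda key, sig: calls.append(1) or False  # stub verifier
    return validate(sigs, keys, never_valid), len(calls)
```

With 50 colliding keys and 50 signatures, an uncapped validator would attempt 2500 verifications; the capped one stops after 8.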
