It appears that Petr Špaček <[email protected]> said:
>For colliding keytags, that's just nonsense. There's no incentive to
>support these and BIND will currently refuse anything with more than one
>collision.
>
>I'm all for declaring
>acceptable number of collisions = 0

I surveyed all the signed subdomains in gTLDs with more than a million names last year, and found 107 domains with two colliding keytags, none with three keytags.

If you forbid all collisions, you will break a small but non-zero number of zones that work correctly today. If you allow one collision, you will as far as I can tell break nothing.

Here's the slides.

https://docs.google.com/presentation/d/1snTpkDcRmJN8bbGx9XrOt5taUdS1xSElMB1Ok8s7Kko/edit?usp=sharing

R's,
John

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
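
An added example, not part of the original message or of BIND: a check of a DNSKEY RRset against a collision limit, using the key tag algorithm from RFC 4034 Appendix B. The key bytes are constructed for illustration (not real keys), the helper names are hypothetical, and counting "one collision" as two keys sharing a tag is an assumption about how the thread uses the term.

```python
from collections import defaultdict

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (not for algorithm 1)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b   # sum RDATA as big-endian 16-bit words
    acc += (acc >> 16) & 0xFFFF              # fold the carry back in once
    return acc & 0xFFFF

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey

def colliding_tags(rrset):
    """Return {key tag: [rdata, ...]} for every tag shared by more than one key."""
    groups = defaultdict(list)
    for rdata in rrset:
        groups[key_tag(rdata)].append(rdata)
    return {tag: keys for tag, keys in groups.items() if len(keys) > 1}

def within_limit(rrset, max_collisions: int) -> bool:
    """Assumption: n keys sharing one tag count as n - 1 collisions."""
    worst = max((len(k) - 1 for k in colliding_tags(rrset).values()), default=0)
    return worst <= max_collisions

def swap_words(key: bytes, i: int, j: int) -> bytes:
    """Swap two aligned 16-bit words; the word sum, and so the tag, is unchanged."""
    k = bytearray(key)
    k[i:i + 2], k[j:j + 2] = key[j:j + 2], key[i:i + 2]
    return bytes(k)

# Constructed 32-byte values standing in for Ed25519 (algorithm 15) public keys.
PUB_A = bytes(range(32))
PUB_B = swap_words(PUB_A, 0, 2)      # different key, same tag as PUB_A
PUB_C = bytes(range(1, 33))          # unrelated tag

KEY_A, KEY_B, KEY_C = (dnskey_rdata(257, 3, 15, p) for p in (PUB_A, PUB_B, PUB_C))
RRSET = [KEY_A, KEY_B, KEY_C]

if __name__ == "__main__":
    for tag, keys in colliding_tags(RRSET).items():
        print(f"key tag {tag}: {len(keys)} keys share it")
    print("passes with limit 0:", within_limit(RRSET, 0))
    print("passes with limit 1:", within_limit(RRSET, 1))
```

Because the tag is only a folded 16-bit sum, distinct keys can share it without any fault in the zone, which is why the limit chosen decides whether such zones keep validating.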
