On 09. 07. 25 4:11, John Levine wrote:
It appears that Petr Špaček <[email protected]> said:
For colliding keytags, that's just nonsense. There's no incentive to
support these and BIND will currently refuse anything with more than one
collision.
I'm all for declaring
acceptable number of collisions = 0
I surveyed all the signed subdomains in gTLDs with more than a million names last year,
and found 107 domains with two colliding keytags, none with three keytags.
If you forbid all collisions, you will break a small but non-zero number of zones that
work correctly today. If you allow one collision, you will as far as I can tell break nothing.
Here are the slides.
https://docs.google.com/presentation/d/1snTpkDcRmJN8bbGx9XrOt5taUdS1xSElMB1Ok8s7Kko
I take that as an argument to forbid it!
107 sounds like a perfectly tractable number to fix. The two flag days had
waaaay wider reach, for example, and way more domains got fixed.
--
Petr Špaček