On Wed, 9 Jul 2025, Petr Špaček wrote:
https://docs.google.com/presentation/d/1snTpkDcRmJN8bbGx9XrOt5taUdS1xSElMB1Ok8s7Kko
I take that as an argument to forbid it!
107 sounds like a perfectly tractable number to fix. The two flag days had
waaaay wider reach, for example, and way more domains got fixed.
I still don't see the point.
That was a snapshot from a year ago. If I did it again, the list would be
different. We wouldn't have just to fix the collisions in those 107
domains, we'd have to upgrade *everyone's* software to prevent them in the
future.
Getting rid of all of the potential collisions would be a great deal of
work. For some people it might just be a new version of BIND, but we
don't all run BIND, and as the draft noted, if there are multiple signers
or HSMs the changes are not trivial.
And for what? Since the KeyTrap stuff last year, caches already limit
collisions to 2 or 3, realistically it's never more than 1, and the long
tail means caches will be making this check forever. What's the benefit,
other than perhaps aesthetic, of dropping the nominal limit from 2 to 0?
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
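
The key tag collisions and the per-resolver cap discussed in this message, as an added example that is not part of the original e-mail and not code from any resolver. The key bytes are constructed, and `max_collisions` is a hypothetical parameter that counts extra keys sharing a tag beyond the first.

```python
# Added illustration: key bytes and the cap value are constructed for this example.
from collections import Counter

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over DNSKEY RDATA (not valid for algorithm 1)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """Wire format: flags (2 bytes), protocol (always 3), algorithm, public key."""
    return flags.to_bytes(2, "big") + bytes([3, algorithm]) + public_key

def colliding_tags(keys):
    """Return {tag: count} for every tag shared by more than one key in an RRset."""
    counts = Counter(key_tag(k) for k in keys)
    return {tag: n for tag, n in counts.items() if n > 1}

def candidate_keys(keys, rrsig_key_tag, max_collisions=2):
    """Keys a validator would try for one RRSIG, bounded by a collision cap.

    max_collisions is a hypothetical knob standing in for a resolver's limit;
    the default 2 mirrors the "nominal limit" mentioned in the message.
    """
    matches = [k for k in keys if key_tag(k) == rrsig_key_tag]
    if len(matches) - 1 > max_collisions:
        raise ValueError("too many keys share key tag %d" % rrsig_key_tag)
    return matches

# Constructed sample: the tag is a 16-bit word sum, so swapping two aligned
# 16-bit words of the key material leaves the tag unchanged.
KEY_A = dnskey_rdata(256, 13, bytes.fromhex("0102030405060708"))
KEY_B = dnskey_rdata(256, 13, bytes.fromhex("0304010205060708"))
KEY_C = dnskey_rdata(257, 13, bytes.fromhex("1112131415161718"))
RRSET = [KEY_A, KEY_B, KEY_C]

if __name__ == "__main__":
    print("colliding tags:", colliding_tags(RRSET))
    print("keys tried at limit 2:", len(candidate_keys(RRSET, key_tag(KEY_A))))
    try:
        candidate_keys(RRSET, key_tag(KEY_A), max_collisions=0)
    except ValueError as exc:
        print("limit 0 rejects the RRset:", exc)
```

With the cap at 2 the validator tries both colliding keys; with the cap at 0 the same RRset fails validation until the zone is re-keyed.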