On Sun, 13 Jul 2025, Warren Kumari wrote:
> Is there any actual downside to saying something like "if the new key has a colliding keytag, just throw it away and try again"? And if you have multiple signers, partitioning the space both allows this, and provides a quick signal to a zone owner who is doing debugging at 3AM *which* signer generated the key...
As optional operational advice, sure, why not.
> Without all of the MUSTs, and instructions to the validators, avoiding collisions, when easy, seems like a win to me.
Right, it's the MUST stuff that makes no sense. We are still not the Network Police and no matter what we say, there will always be some collisions whether by accident or malice, and resolvers will always need to deal with them. The current approach, stop after a small number like 2, seems reasonable.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
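The "throw it away and try again" and partitioned-tag-space ideas from this thread, sketched as an added example (not code from either poster or from any draft). The key tag function follows RFC 4034 Appendix B; the random 32-octet stand-in for key generation, the modulo partitioning rule, the `limit=2` cap and all helper names are assumptions.

```python
import secrets

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA per RFC 4034 Appendix B (not algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8   # even offsets are the high octet
    acc += (acc >> 16) & 0xFFFF               # fold the carry back in
    return acc & 0xFFFF

def dnskey_rdata(public_key: bytes, flags: int = 256, algorithm: int = 15) -> bytes:
    """flags (2 octets) | protocol = 3 | algorithm | public key."""
    return flags.to_bytes(2, "big") + bytes([3, algorithm]) + public_key

def random_public_key() -> bytes:
    # Assumption: 32 random octets stand in for a real Ed25519 key pair.
    return secrets.token_bytes(32)

def new_key(in_use, signer=0, signers=1, keygen=random_public_key, max_tries=1000):
    """Signer side: discard a key whose tag is taken or outside this signer's slice."""
    for _ in range(max_tries):
        rdata = dnskey_rdata(keygen())
        tag = key_tag(rdata)
        # Assumption: the tag space is partitioned as tag % signers == signer.
        if tag not in in_use and tag % signers == signer:
            return tag, rdata
    raise RuntimeError("no acceptable key tag found")

def keys_to_try(dnskeys, tag, limit=2):
    """Validator side: collisions still happen, so cap the keys tried per tag."""
    return [rdata for rdata in dnskeys if key_tag(rdata) == tag][:limit]

if __name__ == "__main__":
    in_use = set()
    for signer in range(2):                   # two signers sharing one zone
        tag, _ = new_key(in_use, signer=signer, signers=2)
        in_use.add(tag)
        print(f"signer {signer}: key tag {tag}")
```

With this partitioning, `tag % signers` tells the zone owner which signer produced a given key.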
