>For existing algorithms, we could punt. Or introduce new aliases/numbers
>(which I know some folks don't like, though we've done that successfully
>with algs 6 and 7 for NSEC3), or target a future flag date for enforcement
>(and I know some folks hate flag days - Paul Wouters gave me a tshirt on
>that subject this week! :)

In my opinion the thing to do now is publish a BCP that signers have to avoid collisions (and other reasons for bad signatures). That will have about the same effect (and with a lot less hassle) as issuing new code points for existing algorithms.

We don't need a flag day. Validators can tolerate a few signature validation errors.

The main thing is that with a BCP it is clearly an error on the side of the signer. Now it is something that is allowed by the protocol (and even expected to some extent from naive signers).

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
