On Oct 2, 2025, at 00:46, Philip Homburg <[email protected]> wrote: > However, I think a BCP that says: > "a DNSSEC signer MUST NOT sign a DNSSEC RRset that contains key tag > collisions" > would be a good step forward.
A BCP is a standards-track document. If all you want to do is make a really strong suggestion, as compared to a change in the protocol, you need to say something like "a DNSSEC signer should strongly consider...". If you want a protocol BCP, it would be "DNSSEC validators MUST expect key tag collisions and MUST ...". --Paul Hoffman _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
