> A BCP is a standards-track document. If all you want to do is make
> a really strong suggestion, as compared to a change in the protocol,
> you need to say something like "a DNSSEC signer should strongly
> consider...".
>
> If you want a protocol BCP, it would be "DNSSEC validators MUST
> expect key tag collisions and MUST ...".
There is no need to change the protocol for validators (at this time). What is needed is a very strong hint for DNSSEC signing software that key tag collisions need to be avoided. We have two mechanisms, either a standards track RFC that changes the protocol or a BCP that does not change the protocol but sends a strong message that, even though collisions are allowed by the protocol, they are a bad idea and need to be avoided. Once we have a BCP we start figuring out which software cannot comply with the BCP and why. Right now any new signer can just generate collisions. We have no document that says that collisions are a bad idea.
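Added example, not part of the message above and not code from any DNSSEC signer: a sketch of the signer-side check being asked for, computing the RFC 4034 Appendix B key tag and rejecting a newly generated key whose (algorithm, tag) pair is already in use. The function names and the `make_key` callback are hypothetical, and the key bytes in the demo are random placeholders rather than real public keys.

```python
import os
import struct


def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA wire format: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithm 1, RSA/MD5, is computed differently)."""
    acc = 0
    for i, octet in enumerate(rdata):
        # Even-indexed octets are the high byte of each 16-bit word.
        acc += octet if i & 1 else octet << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def new_dnskey_avoiding_collision(existing, algorithm, make_key,
                                  flags=256, max_tries=16):
    """Return fresh DNSKEY RDATA whose (algorithm, tag) is not used by `existing`.

    `existing` is the DNSKEY RDATA the zone already uses (assumption: the
    signer has this list); `make_key` is a hypothetical callback that
    returns new public key bytes on each call.
    """
    in_use = {(rdata[3], key_tag(rdata)) for rdata in existing}
    for _ in range(max_tries):
        candidate = dnskey_rdata(flags, algorithm, make_key())
        if (algorithm, key_tag(candidate)) not in in_use:
            return candidate
        # Collision with a key already in the zone: discard and regenerate.
    raise RuntimeError("no collision-free key after %d tries" % max_tries)


if __name__ == "__main__":
    # Constructed demo: 64 random bytes stand in for an algorithm 13 public key.
    zone_keys = [dnskey_rdata(257, 13, os.urandom(64))]
    fresh = new_dnskey_avoiding_collision(zone_keys, 13, lambda: os.urandom(64))
    print("existing tags:", [key_tag(k) for k in zone_keys])
    print("new key tag:  ", key_tag(fresh))
```
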
