Hi Matthijs, Thanks for your feedback.
On 10/14/25 11:07, Matthijs Mekking wrote:
In the case there is no knowledge about the parent's preference I agree it is a good idea to require publishing both. But in the case the preference is clear, I don't see why the parent should dismiss the update because the other, redundant format is missing.
Only to keep the door open for later deprecation of one of the two types by the community. It's up to the community to decide whether that is a goal or not.
I like to point out that there is a similar thing with DNSSEC validation and algorithms: On the authoritative side we require a zone to be signed with all algorithms signaled in the DS, but the validator should accept a single valid path.
True, but there are several algorithms that they MUST support, which and there are algorithms that MUST NOT used by for signing any longer. It is this multiplicity of supporting things that allows transition paths. There is no such multiplicity around C* support today, and as a result there will not be a deprecation path unless we create it.
Also I suggest to ask this question on other DNS operator mailing lists, to have a broader input (DNS-OARC, RIPE WG, CENTR, ...).
Good idea, thanks! Note that I'm not attempting to advocate for a specific outcome -- I actually don't have a preference. I'd just this stuff to work as best as possible, so that we don't regret decisions later, hence me trying to be explicit about future effects to enable "conscious consensus". :) Best, Peter _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
