> I want private DNSSEC algorithms to work as well as any other DNSSEC
> algorithm. It doesn't matter what my use case is or even if I have
> one. I want the code points to work for anyone in the world that
> wants to use them for whatever use case they have. They did before
> DS was invented. They currently do not do this because we stuffed
> up when we designed the DS record. I asked at the time if the
> identifier needed to be embedded in the hash field and was told
> "no, it's not needed". Obviously that was a mistake.

I noticed that IANA has now reserved digest algorithms 253 and 254 for private use. Given the extremely limited use of the PRIVATE* algorithms in the past 20 years, it seems better if you would just switch to 253 or 254. Then we don't have to have a new standards track document for an extremely limited use-case.

I'm happy with the way DS was specified. It would be very annoying if DS would require an implementation to handle PRIVATE* just to have a compliant implementation of DS.

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
