In your letter dated Fri, 14 Nov 2025 18:06:05 +0000 you wrote: >Code points 253 and 254 are PRIVATE*. This is the issue we're talking >about, and the reason the change is needed. > >If you have a DS record with 253 in its algorithm field, you have not >specified the key algorithm. The DNSKEY RRset may contain any number of >keys with algorithm 253, all with different algorithms, because when that >code point is in use, the algorithm is encoded into the key data, not the >algorithm field.
Using a private hash algorithm (as opposed to the PRIVATE* signature algorithms), this draft can be implemented without a standards track RFC. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
