do we need DNSKEY flags?

[Habbie]

Obviously not ZONE and SEP.

Maybe think about what REVOKE means?

Do we need a flag allocated? My feeling is no, because the algo number already signals all necessary semantics.

[Habbie]

#22 notes that .de does not currently accept flags=0. This might be true for other registries as well.

[Habbie]

notes that .de does not currently accept flags=0. This might be true for other registries as well.

We need to adapt our 'registry changes' section for this.

[RobinGeuze]

As we discussed on IRC the DNSKEY flag would primarily be a cosmetic change, since we cannot use the flags to signal anythign pre-connection, since you need the key material to "guess" the DNSKEY flags based on the DS. So any signalling via DNSKEY flags would be limited to post-connection for which I see no current use case.

[Habbie]

So then the options become:

• 0 - seems to make the most semantic sense
• 256/257 - might be necessary for a lot of registries right now

[Habbie]

Based on (limited) information, I am now leaning towards 257 for the flags, with words like 'as algo TBD is not allowed for Zone Signing in the DNSKEY algo registry, the flags do not have their usual meanings. Setting the flags to zero would require changes in a lot of TLD registries, which we want to avoid.'

[Habbie]

Reopened because I don't think this discussion is done.