do we need DNSKEY flags? #20
Comments
#22 notes that .de does not currently accept flags=0. This might be true for other registries as well.
We need to adapt our 'registry changes' section for this.
As we discussed on IRC the DNSKEY flag would primarily be a cosmetic change, since we cannot use the flags to signal anything pre-connection, since you need the key material to "guess" the DNSKEY flags based on the DS. So any signalling via DNSKEY flags would be limited to post-connection for which I see no current use case.
So then the options become:
Based on (limited) information, I am now leaning towards 257 for the flags, with words like 'as algo TBD is not allowed for Zone Signing in the DNSKEY algo registry, the flags do not have their usual meanings. Setting the flags to zero would require changes in a lot of TLD registries, which we want to avoid.'
Reopened because I don't think this discussion is done.
Obviously not ZONE and SEP.
Maybe think about what REVOKE means?
Do we need a flag allocated? My feeling is no, because the algo number already signals all necessary semantics.
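
The remark in the thread that the flags can only be "guessed" from the DS once the key material is known, shown as an added example that is not part of the original discussion: the DS digest (RFC 4034 section 5.1.4, SHA-256 per RFC 4509) covers the owner name plus the whole DNSKEY RDATA, flags included, so the flags are recoverable only by trial hashing with the public key in hand. The owner name, the key bytes and algorithm number 253 (standing in for the thread's "algo TBD") are constructed assumptions.

```python
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, uncompressed labels."""
    labels = [label for label in name.lower().split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes, protocol: int = 3) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def ds_digest(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2 (SHA-256) over owner name | DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()


def guess_flags(owner: str, digest: bytes, algorithm: int, pubkey: bytes) -> list:
    """Return every 16-bit flags value whose DNSKEY hashes to the DS digest.

    Without pubkey there is nothing to hash, so the DS alone reveals no flags.
    """
    return [flags for flags in range(0x10000)
            if ds_digest(owner, dnskey_rdata(flags, algorithm, pubkey)) == digest]


# Constructed sample data (assumptions, not values from the thread).
OWNER = "example."
ALGORITHM = 253            # placeholder for the draft's "algo TBD"
PUBKEY = bytes(range(32))  # dummy 32-byte key material

if __name__ == "__main__":
    for published in (0, 257):
        ds = ds_digest(OWNER, dnskey_rdata(published, ALGORITHM, PUBKEY))
        print(f"published flags={published} -> recovered {guess_flags(OWNER, ds, ALGORITHM, PUBKEY)}")
```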