[dnssec-deployment] DNSSEC in Russia
Edward Lewis
Ed.Lewis at neustar.biz
Thu Apr 2 19:02:07 EDT 2009
At 16:38 -0600 4/2/09, Francisco Arias wrote:
>Maybe if there were a mechanism for the resolver to indicate which
>algorithm it supports or prefers, so the authoritative server would
>answer the query with RRs signed only using that algorithm.
I would like to point out, without any snark or sarcasm, that this is
the first constructive statement made today on this topic. And that
applies to my messages too.

Somehow I think this idea was floated once (I hate saying that
because it sounds like I'm trying to derail this, but there's some
deja vu hitting me) but ran into trouble when it came to how a resolver
would indicate the algorithm(s) it preferred - preferred or accepted.
The issue is - if there is more than one algorithm, how. And it's
important to realize that we need to avoid any interactive
negotiation of parameters (a DNS principle).

But, this is a viable path to pursue if we need to do so.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Getting everything you want is easy if you don't want much.