[DNSOP] Re: Collision Free Key Tags for DNSSEC draft
Ondřej Surý <ondrej@sury.org> Mon, 06 October 2025 19:36 UTC
No, we are not the Network Police. But we do provide protocol definition and protocol guidance all the time.

I'm with Philip on this one that documenting this and providing guidance would be a good thing.

(However, I am swamped with work, so I can't really promise I would write this.)

Ondrej
--
Ondřej Surý (He/Him)
ondrej@sury.org

> On 3. 10. 2025, at 19:20, John Levine <johnl@taugh.com> wrote:
>
> We're not the Network Police. No matter how loudly we say MUST NOT, as we saw
> with Keytrap, there will be tag collisions, whether by accident or malice. Every
> DNS cache has to deal with it, and nothing we do will change that. The current
> code stops after two or three collisions, the most we could do is drop that to
> one a decade from now. I do not see why it is worth any effort at all.