[dns-operations] DNSSEC and multiple signatures
Eric Germann
ekgermann at gmail.com
Mon May 17 18:34:37 UTC 2021
I have a question regarding multiple signings. I’ve seen some domains sign
with multiple algorithms (8 and 13 specifically).
How does a validating resolver choose which signature to use. First
available? Stronger crypto? Both have to be valid through the chain?
Random?
Than
---
Eric Germann
ekgermann(at)semperen(dot)com || ekgermann(at)gmail(dot)com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
Telegram||Signal +1(dash)419(dash)513(dash)0712
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210517/335af88a/attachment.html>
More information about the dns-operations
mailing list