Feb. 21, 2018
7:28 p.m.
So my base point is - don't try to fix the wrong problem. Key tags are what they are and will remain as such. With 16 bits, collisions are inevitable at some point and may actually occur *after* the keys are generated (- revoked keys). Fix 8145 and KSK sentinel instead.
(And by the way - does any of the 8145 or KSK sentinel implementations correctly match a revoked key with its unrevoked brother?)
I don't understand this question Mike - particularly “unrevoked brother” - could you describe in a little more detail what you are referring to here? thanks, Geoff