

To: Jakob Schlyter <jakob@crt.se>
Cc: Simon Josefsson <simon@josefsson.org>, Ted.Lindgreen@tednet.nl, Dan Massey <masseyd@isi.edu>, dnssec@cafax.se
From: Miek Gieben <miekg@nlnetlabs.nl>
Date: Thu, 19 Apr 2001 13:25:13 +0200
Delivery-Date: Thu Apr 19 20:30:54 2001
In-Reply-To: <Pine.BSO.4.33.0104191209220.6456-100000@fonbella.crt.se>; from jakob@crt.se on Thu, Apr 19, 2001 at 12:16:28PM +0200
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem

On Thu, Apr 19, 2001 at 12:16:28PM +0200, Jakob Schlyter wrote:
> On 18 Apr 2001, Simon Josefsson wrote:
> is there a problem changing the specs when there are no widely deployed
> implementations? the only applications I know of that are using KEY is
> isakmpd and fmeshd's ssh.
> 
> if we like to add a PUBKEY RR, we should do it now. it may be too late, but
> as soon as people start using it, we're into more problems. or we should
> make a workaround for the apex problem, either by relocating the
> application keys (like _ssh.host.example.org) or by ignoring the problem
> (and therefore prohibiting application keys at the apex). relocation is
> always an option and how it is done could be specified in an rfc on how to
> look up keys for a specific application.
I like the idea of adding a new RR more than using subzones for storing
public keys. As we are about to remove the NULL key, why not add such
a new RR?

grtz Miek
