To:
Scott Rose <scottr@antd.nist.gov>
Cc:
dnssec@cafax.se
From:
Miek Gieben <miekg@nlnetlabs.nl>
Date:
Thu, 19 Apr 2001 15:33:55 +0200
Delivery-Date:
Thu Apr 19 20:31:00 2001
In-Reply-To:
<004501c0c8d1$98211980$b9370681@antd.nist.gov>; from scottr@antd.nist.gov on Thu, Apr 19, 2001 at 09:06:48AM -0400
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
On Thu, Apr 19, 2001 at 09:06:48AM -0400, Scott Rose wrote: > A PUBKEY RR would look like the KEY RR now: with a protocol and algorihtm > field, but the flags would not be needed (or reduced). I would assume the > protocol using DNS to search for a public key would know how to interpret it > in the reply. The PUBKEY RR would be like the CERT RR now - separate from > DNSSEC. It could even be used without DNSSEC (I know, it wouldn't be smart > to accept a key without a verified SIG). why not used CERT then? it looks to me if we're re-doing CERT records? grtz Miek