To:
Scott Rose <scottr@antd.nist.gov>
Cc:
Miek Gieben <miekg@nlnetlabs.nl>, dnssec@cafax.se
From:
Miek Gieben <miekg@nlnetlabs.nl>
Date:
Thu, 19 Apr 2001 15:55:40 +0200
Delivery-Date:
Thu Apr 19 20:31:03 2001
In-Reply-To:
<006601c0c8d6$243b5a80$b9370681@antd.nist.gov>; from scottr@antd.nist.gov on Thu, Apr 19, 2001 at 09:39:21AM -0400
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
> > > to accept a key without a verified SIG). > > why not used CERT then? > > > > it looks to me if we're re-doing CERT records? > > > > grtz Miek > > > Yup, it does, maybe more advertising of CERT is in order (and guidelines for > using it to encode public keys). We could still make the KEY RR a > "dnssec-only" record, and force the issue by making the changes I mentioned. looks like a good path to follow, grtz Miek