To:
simon@josefsson.org
Cc:
Ted.Lindgreen@tednet.nl, masseyd@isi.edu, dnssec@cafax.se
From:
Havard Eidnes <he@runit.no>
Date:
Thu, 19 Apr 2001 12:11:51 +0200
Delivery-Date:
Thu Apr 19 20:31:10 2001
In-Reply-To:
Your message of "18 Apr 2001 18:47:28 +0200"<ilu7l0if93z.fsf@barbar.josefsson.org>
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem
> One solution that wouldn't require changing specifications nor > implementations, and would remove this problem, would be to mandate a > practice (both in the SSH DNSSEC-patches as well as with the zone file > administrators) to add ssh KEY RR's as "_ssh.host.example.org" or > something similar. E.g. inventing a subdomain where you store the ssh > key for a host. Of course, it is ugly but I don't see any immediate > disadvantages and it does fix the problem we're discussing here. This could be combined with the use of SRV records, could it not? (To work around this particular problem.) Regards, - Håvard