DNSSEC mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Ted.Lindgreen@tednet.nl
Cc: Dan Massey <masseyd@isi.edu>, Jakob Schlyter <jakob@crt.se>, Scott Rose <scottr@antd.nist.gov>, Miek Gieben <miekg@nlnetlabs.nl>, dnssec@cafax.se
From: Miek Gieben <miekg@nlnetlabs.nl>
Date: Fri, 20 Apr 2001 10:30:56 +0200
Delivery-Date: Fri Apr 20 14:25:31 2001
In-Reply-To: <200104200819.KAA17982@omval.tednet.nl>; from ted@tednet.nl on Fri, Apr 20, 2001 at 10:19:29AM +0200
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

On Fri, Apr 20, 2001 at 10:19:29AM +0200, Ted Lindgreen wrote:
> >From the three alternatives I see:
> 
> 1. Live with non-zone-KEY RRs in the apex.
> 2. Separate KEY RR usage (KEY in apex is zoneKEY and zoneKEY only,
>    KEY RRs outside apex are for other usage), and try to enforce
>    this usage by SHOULD of MUST.
> 3. Limit the KEY RR usage to zoneKEY only and use some other RR
>    for anything else.
> 
> number 3 certainly looks the cleanest.
i agree, and it can be done now with bind9 and CERT RRs,

grtz Miek

References:
- Re: Keys at apex problem - New PUBKEY RR?
  - From: ted@tednet.nl (Ted Lindgreen)

Prev by Date: Re: Keys at apex problem - New PUBKEY RR?
Next by Date: Re: Keys at apex problem - New PUBKEY RR?
Prev by thread: Re: Keys at apex problem - New PUBKEY RR?
Next by thread: Re: Keys at apex problem - New PUBKEY RR?
Index(es):
- Date
- Thread

Home | Date list | Subject list