To:
<dnssec@cafax.se>
Cc:
lewis@tislabs.com
From:
Edward Lewis <lewis@tislabs.com>
Date:
Mon, 23 Apr 2001 09:27:11 -0400
In-Reply-To:
<00a501c0cbf5$90a2fa80$b9370681@antd.nist.gov>
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
At 9:01 AM -0400 4/23/01, Scott Rose wrote: >Possibly a problem, That depends on the adoption of using the DNS to >distribute keys. Public keys can be very large, and even with EDNS, there >will be a lot of truncated responses (and TCP queries) when there are >several APPKEYs for a name. Another reason for the use of special names and not a new type. > >This is probably the easiest solution, since the structure is already in >place and only requires admins to change zone files. How hard can that be >;-) ? Yet another... >This makes queries made by DNS servers to get DNSSEC keys untouched, if EDNS >is used, I don't think the drawback will be a problem. Unless there are a >lot of keys a host must use with a particular application. And yet... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NAI Labs Phone: +1 443-259-2352 Email: lewis@tislabs.com You fly too often when ... the airport taxi is on speed-dial. Opinions expressed are property of my evil twin, not my employer.