[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: <dnssec@cafax.se>
Cc: lewis@tislabs.com
From: Edward Lewis <lewis@tislabs.com>
Date: Mon, 23 Apr 2001 09:27:11 -0400
In-Reply-To: <00a501c0cbf5$90a2fa80$b9370681@antd.nist.gov>
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

At 9:01 AM -0400 4/23/01, Scott Rose wrote:
>Possibly a problem, That depends on the adoption of using the DNS to
>distribute keys.  Public keys can be very large, and even with EDNS, there
>will be a lot of truncated responses (and TCP queries) when there are
>several APPKEYs for a name.

Another reason for the use of special names and not a new type.

>
>This is probably the easiest solution, since the structure is already in
>place and only requires admins to change zone files. How hard can that be
>;-) ?

Yet another...

>This makes queries made by DNS servers to get DNSSEC keys untouched, if EDNS
>is used, I don't think the drawback will be a problem.  Unless there are a
>lot of keys a host must use with a particular application.

And yet...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

You fly too often when ... the airport taxi is on speed-dial.

Opinions expressed are property of my evil twin, not my employer.



Home | Date list | Subject list