To: Scott Rose <scottr@barnacle.antd.nist.gov>
Cc: <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Mon, 23 Apr 2001 17:02:02 +0200 (CEST)
Delivery-Date: Tue Apr 24 08:04:50 2001
In-Reply-To: <01042310354500.00903@barnacle.antd.nist.gov>
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

On Mon, 23 Apr 2001, Scott Rose wrote:

> I think the name vs. new type leads us to this choice:
>
> _<app>.name KEY or name APPKEY
>
> having a separate type and a naming convention for apps wouldn't be
> that much different than the first option

another advantage of using _<app>.name is zone splitting. i.e. keys can
be put in a separate zone so you can delegate the data for some
application to a separate set of servers.

slightly off-topic I'd like to mention that we've been discussing
something like this for naming the keys of CERT user (and other) keys. if
we use

    user@foo.bar -> CERT(user._pgp.foo.bar)

we get benefits like:

- less risk of name collision between users and hosts (until hosts get
  PGP keys that is)
- the option to move the many and big CERT records for users out of the
  way from the "normal" zone.
- the possibility of interfacing to alternate backends in the
  nameservers.

/Jakob

--
Jakob Schlyter <jakob@crt.se>
Network Analyst
Phone: +46 31 701 42 13, +46 70 595 07 94
Carlstedt Research & Technology
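
The user@foo.bar -> user._pgp.foo.bar mapping discussed in the message above, as an added example that is not part of the original post or of any project's code. The function names, the escaping policy and the sample addresses are assumptions; the example goes beyond the message by handling a local part that contains dots and by enforcing the DNS label and name length limits.

```python
MAX_LABEL = 63    # octets per DNS label (RFC 1035)
MAX_NAME = 255    # octets per DNS name in wire format (RFC 1035)
SPECIAL = '.\\"();@$'  # characters that need a backslash in zone-file text


def escape_label(label):
    """Render one label in zone-file presentation format."""
    out = []
    for ch in label:
        if not 33 <= ord(ch) <= 126:
            # Assumption: reject such characters rather than emit \DDD escapes.
            raise ValueError("unsupported character %r" % ch)
        out.append("\\" + ch if ch in SPECIAL else ch)
    return "".join(out)


def cert_labels(address, app="_pgp"):
    """Split user@foo.bar into the labels of user._pgp.foo.bar."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected user@domain")
    # The whole local part is ONE label, even if it contains dots;
    # otherwise first.last@foo.bar would land under last._pgp.foo.bar.
    labels = [local, app] + domain.rstrip(".").split(".")
    for label in labels:
        if not 1 <= len(label) <= MAX_LABEL:
            raise ValueError("label length out of range: %r" % label)
    if sum(len(l) + 1 for l in labels) + 1 > MAX_NAME:
        raise ValueError("name exceeds %d octets" % MAX_NAME)
    return labels


def cert_owner_name(address, app="_pgp"):
    """Owner name at which the user's CERT RR would be published."""
    return ".".join(escape_label(l) for l in cert_labels(address, app)) + "."


def delegation_point(address, app="_pgp"):
    """Name where a zone cut could move all such records to other servers."""
    return ".".join(escape_label(l) for l in cert_labels(address, app)[1:]) + "."


if __name__ == "__main__":
    for addr in ("user@foo.bar", "first.last@foo.bar"):  # constructed samples
        print(addr, "->", cert_owner_name(addr), "cut at", delegation_point(addr))
```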