To:
Havard Eidnes <he@runit.no>, ogud@ogud.com
Cc:
dnssec@cafax.se, sra@hactrn.net
From:
Olafur Gudmundsson <ogud@ogud.com>
Date:
Thu, 26 Apr 2001 11:35:13 -0400
Delivery-Date:
Thu Apr 26 21:53:56 2001
In-Reply-To:
<20010426172931A.he@runit.no>
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
At 11:29 26-04-2001, Havard Eidnes wrote:
> > > > >$origin east.isi.edu.
> > > > >@ IN SOA ...
> > > > >@ NS ...
> > > > >@ A 38.245.76.2
> > > > >@ KEY <zone key>
> > > > >_ssh._tcp SRV 0 0 @
> > > > >_ssh._tcp KEY <ssh host key material>
> > > >
> >
> > In this case the SRV record is redundant.
>
>Uhm, excuse me? It serves to move the SSH application KEY record
>away from the zone apex, which was otherwise the major sticking
>point with the original proposal, if I recall correctly?
SRV allows you to move certain data to any RANDOM place in the name space.
The naming proposal is to use FIXED prefix name to store the keys for
certain protocols. What I'm saying if the key is stored at the same name
as the SRV record would then the SRV is redundant there, if the key is
stored somewhere else then SRV is needed.
Olafur