To: Randy Bush <randy@psg.com>
Cc: Olafur Gudmundsson <ogud@ogud.com>, Havard Eidnes <he@runit.no>, <dnssec@cafax.se>, <sra@hactrn.net>
From: Jakob Schlyter <jakob@crt.se>
Date: Thu, 26 Apr 2001 18:25:01 +0200 (CEST)
Delivery-Date: Thu Apr 26 21:53:59 2001
In-Reply-To: <E14sniW-000EzX-00@rip.psg.com>
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

On Thu, 26 Apr 2001, Randy Bush wrote:

> there is no benefit to using oracle if the encyclopaedia britannica is
> stored in the dns.

we should not store the encyclopaedia itself, but perhaps the key or cert
needed to access it securely.

> we put in two extensibility mechanisms in to handle all this stuff,
> srv and naptr. if you want some applications data, then use these
> mechanisms to find them. and, if those mechanisms don't do the job,
> then let's find out why and fix them, not add more and more half-assed
> mechanisms.

srv will not help us relocate keys. naptr could be used to point out
where to find keys or certificates, but it would give us something like a
chicken and egg problem. we need the key and cert in dns to bootstrap
other protocols (that may use naptr to find their data).

/Jakob

--
Jakob Schlyter <jakob@crt.se>  Network Analyst
Phone: +46 31 701 42 13, +46 70 595 07 94  Carlstedt Research & Technology