

To: Olafur Gudmundsson <ogud@ogud.com>
Cc: Havard Eidnes <he@runit.no>, <dnssec@cafax.se>, <sra@hactrn.net>
From: Jakob Schlyter <jakob@crt.se>
Date: Thu, 26 Apr 2001 21:47:03 +0200 (CEST)
Delivery-Date: Thu Apr 26 21:54:11 2001
In-Reply-To: <5.1.0.14.0.20010426140231.0558d810@localhost>
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

On Thu, 26 Apr 2001, Olafur Gudmundsson wrote:

> If there is a redirection in what cases MUST the key be stored with
> the SRV record versus the target.
> Example: (ssh is not the best protocol for this example but will do).
> _ssh._tcp.example.com.  SRV     0 0 22022 terminal.example.com.
> and later in the zone there is
> _ssh._tcp.HOST.example.com.     SRV     0 0 22122 terminal.example.com
>
> In this case does terminal use one or two different host keys ?
> If the answer is one then the key should be stored with at
>          _ssh._tcp.terminal.example.com.
> on the other hand if the keys are different then I can make an argument
> for storing the keys with the SRV record rather than have one large KEY
> set at terminal.

do we have to (or rather should we) specify this or would this be up to
the application to decide?

if the srv record redirects to several hosts, should all hosts be forced
to have the same host key? a better solution could be to first look up the
key at the srv record (if used) and, if not found, fall back to the
keys at the host selected.

/Jakob

--
Jakob Schlyter <jakob@crt.se>                Network Analyst
Phone:  +46 31 701 42 13, +46 70 595 07 94   Carlstedt Research & Technology
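
The lookup order suggested in the message above (KEY at the SRV owner name first, then the selected host), as an added example that is not part of the original thread. The zone contents, key values, function names and the choice of the SRV target name as the fallback owner are assumptions made for illustration; answers are assumed to be DNSSEC-validated before a key is trusted.

```python
# Constructed zone data (not from the original post): (owner, type) -> rdata list.
ZONE = {
    ("_ssh._tcp.example.com.", "SRV"): [(0, 0, 22022, "terminal.example.com.")],
    ("_ssh._tcp.host.example.com.", "SRV"): [(0, 0, 22122, "terminal.example.com.")],
    # Service-specific key stored beside the second SRV record.
    ("_ssh._tcp.host.example.com.", "KEY"): ["constructed-key-B"],
    # Host-wide key stored at the SRV target.
    ("terminal.example.com.", "KEY"): ["constructed-key-A"],
}

def canon(name):
    """Lower-case and fully qualify a name; DNS names compare case-insensitively."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def lookup(name, rrtype):
    """Stand-in for a validating resolver query (assumption: data already verified)."""
    return ZONE.get((canon(name), rrtype), [])

def find_host_key(service, host, default_port=22):
    """Return (target, port, key_owner, keys) for e.g. service='_ssh._tcp'."""
    srv_owner = canon(f"{service}.{host}")
    srv = lookup(srv_owner, "SRV")
    if not srv:
        # No SRV in use: only the host itself can carry the key.
        return canon(host), default_port, canon(host), lookup(host, "KEY")
    # Lowest priority value wins; weight-based selection is omitted here.
    _prio, _weight, port, target = min(srv, key=lambda r: r[0])
    keys = lookup(srv_owner, "KEY")
    if keys:
        # Key stored with the SRV record: per-service key, target may differ per host.
        return canon(target), port, srv_owner, keys
    # Not found at the SRV record: fall back to the key set at the selected host.
    return canon(target), port, canon(target), lookup(target, "KEY")

if __name__ == "__main__":
    for h in ("example.com", "HOST.example.com.", "terminal.example.com"):
        print(h, "->", find_host_key("_ssh._tcp", h))
```
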

