[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Jaap Akkerhuis <jaap@bartok.sidn.nl>
Cc: Randy Bush <randy@psg.com>, <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Tue, 1 May 2001 11:33:53 +0200 (CEST)
Delivery-Date: Wed May 2 08:47:38 2001
In-Reply-To: <200104301233.f3UCXZP31164@bartok.sidn.nl>
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

On Mon, 30 Apr 2001, Jaap Akkerhuis wrote:

> I have to side with Randy here. During this discussion I also
> noticed that peopl are mixin apple and oranges, as Randy eloquently
> state:
>
>       o what we have is a generic problem, how to go securely from a secured
>         lookup in the dns to a wide set of secure APPLICATIONS on hosts.

but the questions is if whether we should use only DNS or have it
reference yet another lookup mechanism like LDAP. moving to LDAP over SSL
for looking up a relative small host key compared to using DNS and KEY is
not very lightweight and thus not fast nor simple (despite what the L in
LDAP says). it also doesn't scale as well as DNS.

/Jakob

--
Jakob Schlyter <jakob@crt.se>                Network Analyst
Phone:  +46 31 701 42 13, +46 70 595 07 94   Carlstedt Research & Technology




Home | Date list | Subject list