To:
Jakob Schlyter <jakob@crt.se>
cc:
Randy Bush <randy@psg.com>, dnssec@cafax.se
From:
Jaap Akkerhuis <jaap@bartok.sidn.nl>
Date:
Tue, 01 May 2001 14:50:17 +0200
Delivery-Date:
Wed May 2 09:10:10 2001
In-reply-to:
Your message of Tue, 01 May 2001 11:33:53 +0200. <Pine.BSO.4.33.0105011124430.24513-100000@fonbella.crt.se>
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
> o what we have is a generic problem, how to go securely from a secured
> lookup in the dns to a wide set of secure APPLICATIONS on hosts.
but the questions is if whether we should use only DNS or have it
reference yet another lookup mechanism like LDAP. moving to LDAP over SSL
for looking up a relative small host key compared to using DNS and KEY is
not very lightweight and thus not fast nor simple (despite what the L in
LDAP says). it also doesn't scale as well as DNS.
Before we jump into solutions, we should first see do an inventory
of what the possible problems are and wether more of these similar
problems can be expected.
That will give a better insight into what to do.
jaap