To: "Dan Massey" <masseyd@isi.edu>, <dnssec@cafax.se>
From: "Scott Rose" <scottr@antd.nist.gov>
Date: Fri, 4 May 2001 08:42:47 -0400
Delivery-Date: Sat May 5 08:29:36 2001
Sender: owner-dnssec@cafax.se
Subject: Re: keys at apex (key points)

<snip>
>
> I would like to suggest the following for the KEY record. In the RFC 2535
> revision, we leave the KEY format unchanged. However, only the DNSSEC
> protocol type will be explicitly defined. For other protocol types, the
> revision will reference a second document that will discuss the proper use
> of application keys, the process for defining a new KEY protocol type, the
> risks to consider, and general directions for application designers who
> might choose to use this. This app key document could present Jakob's
> labeling approach or present any of the other alternatives or perhaps
> Randy could convince the group that no other protocol type should be
> allowed. I would like to contribute to this document's discussion of the
> risks and things to avoid. (I think others are better suited to stating
> the correct solution). The consideration of this document should reflect
> the bigger picture issues raised by Randy.
>

I think the "DNSSEC only" KEY description is the easiest way to go for now. The problem of how best to store application keys in the DNS (if at all) is a larger DNS issue, not strictly a DNSSEC issue. Do we have people to volunteer to write up each proposal as a lightweight draft for the WG?

Scott