To:
Randy Bush <randy@psg.com>
Cc:
<dnssec@cafax.se>
From:
Jakob Schlyter <jakob@crt.se>
Date:
Thu, 10 May 2001 23:57:29 +0200 (MEST)
Delivery-Date:
Fri May 11 07:38:35 2001
In-Reply-To:
<E14xw3q-0000Ru-00@roam.psg.com>
Sender:
owner-dnssec@cafax.se
Subject:
Re: Keys at apex problem - New PUBKEY RR?
On Thu, 10 May 2001, Randy Bush wrote: > and this is why the problem has never been fixed. we keep adding more > rotten tomatoes to the overfilled can because there always seems to be room > for one more tomato, and there are no other containers as easily abused. I would say dns is very good at storing data that looks like, or could be made to look like, a domain name. using dns for storing host keys (or any keys that looks like a domain name) is not abusive. it's perhaps not the dns that we're used to, but it is still dns. with dnssec we have a secure, relative small and lightweight lookup mechanism for things that looks like domain names - let's use it. jakob -- Jakob Schlyter <jakob@crt.se> Network Analyst Phone: +46 31 701 42 13, +46 70 595 07 94 Carlstedt Research & Technology