[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Jakob Schlyter <jakob@crt.se>
Cc: <dnssec@cafax.se>
From: Randy Bush <randy@psg.com>
Date: Fri, 11 May 2001 09:55:23 +0000
Delivery-Date: Sat May 12 07:48:03 2001
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

> I would say dns is very good at storing data that looks like, or could be
> made to look like, a domain name.

this logic leads to using it to replace the phone book.

> with dnssec we have a secure, relative small and lightweight lookup
> mechanism for things that looks like domain names

so far, with dnssec, we have something that is complex, is not well
understood, does not have a documented threat model, and is not yet
deployable.  why don't we pile more <bleep> on it to improve the
situation?

randy

Home | Date list | Subject list