

To: dnssec@cafax.se
From: Dan Massey <masseyd@isi.edu>
Date: Fri, 31 Aug 2001 13:37:49 -0400
Content-Disposition: inline
Delivery-Date: Fri Aug 31 20:35:47 2001
In-Reply-To: <sjmlmk0tdfx.fsf@rcn.ihtfp.org>; from warlord@MIT.EDU on Fri, Aug 31, 2001 at 12:13:38PM -0400
Sender: owner-dnssec@cafax.se
User-Agent: Mutt/1.2.5i
Subject: Re: CERTificates and public keys

On Friday, August 31, 2001 at 12:13PM, Derek Atkins wrote:
| 
| Another thing to note: Extra resource records add complexity to the
| system.  Complexity leads to confusion.  Confusion leads to bad/broken
| implementation.  And bad/broken implementation leads to security
| vulnerabilities.  Simplicity would state that we need TWO key-type
| resource records:

Conceptually, I think there are two fundamentally different types of keys 
and it makes a lot of sense to keep them in two separate resource records.

| 	a) DNSSec infrastructure keys
            These keys are created and maintained by DNS administrators.
            Resolvers must understand and use these keys to obtain DNS data.
            Typical applications will not need to see or use these keys.

| 	b) application keys
            These keys are created and maintained by non-DNS applications.
            Resolvers must not use these keys to obtain DNS data.
            Applications use these keys and make decisions about when to
             trust them. 

| Note that all application keys should use the SAME RR type.  There is
| absolutely no reason to use different types, and a number of reasons
| why it would be bad or confusing.
| 

Separating the DNS infrastructure keys from the application keys is the 
fundamental goal.  After that is done, it seems reasonable to put all 
application keys in the one RR type.  Inside the RR, an application 
type value and Jakob's naming scheme seem sufficient to help distinguish 
between application keys.

Dan
