To:
Jakob Schlyter <jakob@crt.se>
cc:
Derek Atkins <warlord@MIT.EDU>, Edward Lewis <lewis@tislabs.com>, <dnssec@cafax.se>
From:
Simon Josefsson <jas@extundo.com>
Date:
Fri, 31 Aug 2001 17:29:55 +0200 (CEST)
Delivery-Date:
Fri Aug 31 21:13:03 2001
In-Reply-To:
<Pine.BSO.4.33.0108311648320.12076-100000@fonbella.crt.se>
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
On Fri, 31 Aug 2001, Jakob Schlyter wrote: > On 31 Aug 2001, Derek Atkins wrote: > > > CERT records _DO_NOT_ imply X.509. A CERT record gives you the > > ability to store key information in the DNS in parallel to the DNSSec > > keying material. This way a DNSSec client WILL NOT get confused. > > correct, but cert implies that it contains a public key and a signature. Well, the CERT RR already discuss CRLs which isn't a signed public key. It seems to me that the CERT RR is a everything-applications-might-want- that-is-PKI-related RR.