Re: From whence we came...

[Keith Moore <moore@cs.utk.edu>]

> I do think many of those limitations (I did get the message but
> haven't responded to that part) have been solved already.  DNSSec
> already required EDNS0 which already fixes a number of those problems
> (such as message size).

Protocol issues aside, I think it's probably useful to separate functions 
between DNS (which provides lookups down to about the host name level) 
and lookups on finer-grained identifiers, like service identifiers and
user names.  

Partially this is because having a new flexible lookup service delegated 
to by DNS would allow finer-grained queries, and would relieve pressure 
to extend DNS for every new application that needs to associate some bit
of data with a domain name.

Partially this is because the hostname-to-address mappings (stored in 
DNS) tend to be maintained by a different party than the one that 
maintains the hosts, or the services on a host, or the resources
associated with a domain name (which might not even be associated with
any particular host).  

So to me it makes sense to let the metadata about a host, or about 
services named by a domain name, be obtained from a separate service 
that is optimized for that purpose, preserving DNS for its original
purposes (address lookup, inverse lookup, domain delegation) and for 
those uses that are well-established (e.g. MX records).

keydist alone might not justify such an investment, but keydist along
with other services does justify that kind of investment.  IMHO.

Keith