To:
Derek Atkins <warlord@MIT.EDU>
cc:
Keith Moore <moore@cs.utk.edu>, Ted.Hardie@nominum.com, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Wed, 09 Jan 2002 17:36:41 -0500
In-reply-to:
Your message of "09 Jan 2002 17:21:28 EST." <sjmlmf7mahj.fsf@indiana.mit.edu>
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
> I do think many of those limitations (I did get the message but > haven't responded to that part) have been solved already. DNSSec > already required EDNS0 which already fixes a number of those problems > (such as message size). Protocol issues aside, I think it's probably useful to separate functions between DNS (which provides lookups down to about the host name level) and lookups on finer-grained identifiers, like service identifiers and user names. Partially this is because having a new flexible lookup service delegated to by DNS would allow finer-grained queries, and would relieve pressure to extend DNS for every new application that needs to associate some bit of data with a domain name. Partially this is because the hostname-to-address mappings (stored in DNS) tend to be maintained by a different party than the one that maintains the hosts, or the services on a host, or the resources associated with a domain name (which might not even be associated with any particular host). So to me it makes sense to let the metadata about a host, or about services named by a domain name, be obtained from a separate service that is optimized for that purpose, preserving DNS for its original purposes (address lookup, inverse lookup, domain delegation) and for those uses that are well-established (e.g. MX records). keydist alone might not justify such an investment, but keydist along with other services does justify that kind of investment. IMHO. Keith