

To: Bill Manning <bmanning@isi.edu>
Cc: jas@extundo.com (Simon Josefsson), jseng@pobox.org.sg, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 09 Apr 2002 11:24:04 -0400
In-Reply-To: <200204091400.g39E0Yo11683@boreas.isi.edu>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject: Re: Let's assume DNS is involved

Bill Manning <bmanning@isi.edu> writes:

> % The caches that will cache keys/certs will be the caches within the
> % organizations that chose to either put keys/certs in DNS or use
> % keys/certs from DNS.
> 
> 
> 	Say what? I have never seen a caching DNS server that selectively 
> 	caches data.  The caches that will cache key/cert data will be
> 	those caches which receive RRsets that include key/cert data.

Right, but the only caches that receive RRsets that include key/cert
data are the caches that sit in front of organizations that _use_
key/cert data.  If an application/resolver never requests key/cert
data, it will never hit a cache (because a DNS Server will never
arbitrarily send a key/cert RRset in a response).

This means that caches in front of key/cert-using users are more
likely to see key/cert RRsets than caches sitting in front of users
that DON'T use key/cert records.

> --bill

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
