To: Bill Manning <bmanning@isi.edu>
Cc: jas@extundo.com (Simon Josefsson), jseng@pobox.org.sg, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 09 Apr 2002 11:24:04 -0400
In-Reply-To: <200204091400.g39E0Yo11683@boreas.isi.edu>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject: Re: Let's assume DNS is involved

Bill Manning <bmanning@isi.edu> writes:

> % The caches that will cache keys/certs will be the caches within the
> % organizations that chose to either put keys/certs in DNS or use
> % keys/certs from DNS.
>
>
> Say what? I have never seen a caching DNS server that selectively
> caches data. The caches that will cache key/cert data will be
> those caches which receive RRsets that include key/cert data.

Right, but the only caches that receive RRsets that include key/cert
data are the caches that sit in front of organizations that _use_
key/cert data. If an application/resolver never requests key/cert
data, it will never hit a cache (because a DNS Server will never
arbitrarily send a key/cert RRset in a response). This means that
caches in front of key/cert-using users are more likely to see
key/cert RRsets than caches sitting in front of users that DON'T use
key/cert records.

> --bill

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available