

To: "John Stracke" <jstracke@incentivesystems.com>
Cc: keydist@cafax.se
From: Simon Josefsson <simon+keydist@josefsson.org>
Date: Wed, 12 Jun 2002 00:45:06 +0200
In-Reply-To: <OF7E9C9277.7028C5C1-ON85256BD5.006E288C@incentivesystems.com> ("JohnStracke"'s message of "Tue, 11 Jun 2002 16:11:18 -0400")
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2.90(i686-pc-linux-gnu)
Subject: Re: Global PKI on DNS?

"John Stracke" <jstracke@incentivesystems.com> writes:

>>Such software would not see this kind of data unless a user
>>of the server tried to use this stuff, and in that case I don't see
>>why that user couldn't upgrade her own software to get it to work.
>
> Because it's not their software? If I wanted to do PKI through DNS, and my
> ISP's server did not support TCP, I might be stuck.  Personally, I don't
> depend on my ISP for DNS, but many users do.

I don't understand this argument -- if you want to do IPv6 and your
ISP only supports IPv4, is it the fault of IPv6?  No, you go to another
ISP that offers IPv6.  Or complain to your ISP.  Or set up IPv6
yourself, tunneling through your IPv4-only ISP.  Same thing with
application keys stored in DNS: If you can't get your ISP to support
DNS over TCP, or EDNS.0, set up a DNS server that works yourself, or
change ISP.  Or _you_ can simply choose not to use application keys in
DNS, but still allow others to do it if they want to.

