DNSSEC mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Derek Atkins <warlord@MIT.EDU>
Cc: "Scott Rose" <scottr@antd.nist.gov>, <dnssec@cafax.se>
From: Edward Lewis <lewis@tislabs.com>
Date: Tue, 4 Sep 2001 13:10:45 -0400
In-Reply-To: <sjmy9nurj2d.fsf@rcn.ihtfp.org>
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

At 12:56 PM -0400 9/4/01, Derek Atkins wrote:
>"Scott Rose" <scottr@antd.nist.gov> writes:
>
>> If the application is relying on DNS to provide the data/origin
>> authentication, then a KEY (or APPKEY?  or some other method) should be
>> used.
>
>No, a KEY record should ONLY be used for DNSSec keys.  No application
>keys should be put into KEY records.

Scott did say "or APPKEY".  ;)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

You fly too often when ... the airport taxi is on speed-dial.

Opinions expressed are property of my evil twin, not my employer.

References:
- Re: CERTificates and public keys
  - From: Dan Massey <masseyd@isi.edu>
- Re: CERTificates and public keys
  - From: "Scott Rose" <scottr@antd.nist.gov>
- Re: CERTificates and public keys
  - From: Derek Atkins <warlord@MIT.EDU>

Prev by Date: Re: CERTificates and public keys
Next by Date: Re: CERTificates and public keys
Prev by thread: Re: CERTificates and public keys
Next by thread: Re: CERTificates and public keys
Index(es):
- Date
- Thread

Home | Date list | Subject list