To:
Jakob Schlyter <jakob@crt.se>
Cc:
Derek Atkins <warlord@MIT.EDU>, Scott Rose <scottr@antd.nist.gov>, dnssec@cafax.se
From:
Dan Massey <masseyd@isi.edu>
Date:
Tue, 4 Sep 2001 13:57:15 -0400
Content-Disposition:
inline
In-Reply-To:
<Pine.BSO.4.33.0109041919570.15752-100000@fonbella.crt.se>; from jakob@crt.se on Tue, Sep 04, 2001 at 07:23:34PM +0200
Sender:
owner-dnssec@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Re: CERTificates and public keys
On Tuesday, September 04, 2001 at 07:23PM, Jakob Schlyter wrote: | On 4 Sep 2001, Derek Atkins wrote: | | > It's well known that 2535 needs updating. We don't need APPKEY | > to do it. | | if we choose not to store raw public keys in CERT, we need something like | APPKEY. | | I'm not sure how we can move forward on this discussion - we either have | people who think it's misuse to put raw public keys in CERT and people who | doesn't think there is a problem with doing that. the former probably | support APPKEY and the latter does not. | | jakob Perhaps we have some consensus on at least one point. Does anyone object to restricting the KEY so it only holds DNS keys? Application keys will be stored in some form of APPKEY or CERT, but we clearly don't agree on the details yet. If there is some consensus on restricting the KEY RR, this would greatly help Scott and I in the RFC 2535 update. Dan