To: Edward Lewis <lewis@tislabs.com>
Cc: dnssec@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 04 Sep 2001 14:51:30 -0400
In-Reply-To: Edward Lewis's message of "Tue, 4 Sep 2001 14:00:38 -0400"
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys
Edward Lewis <lewis@tislabs.com> writes:
> What if...we create a CERT RR type (see RFC 2538) for "raw public key."
> Then we would be effectively combining APPKEY and CERT into an already
> documented RR. The remaining problem would be to stuff the version number
> and application identifier into the "raw" public key.
Gee, why didn't *I* think of that? ;)
> I think we'd end up complicating the CERT RR handling software as much as
> adding a new RR. So I'm not sure combining the two would work all that
> well.
It would be less confusing than having to have each app decide whether
it's looking for a 'Cert' or 'Appkey' record when it wants to look for
a key in the DNS. Having a single place to look is a Good Thing (TM).
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
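
The single-lookup idea discussed in this thread, as an added example that is not part of either message or of any project's code. It parses the CERT RDATA layout from RFC 2538 (16-bit type, 16-bit key tag, 8-bit algorithm, then the certificate data). The "raw public key" type value and the payload prefix carrying the version number and application identifier are hypothetical; neither is defined by the RFC or in the thread, and the sample records are constructed.

```python
import struct

# Certificate type values from RFC 2538, section 2.1.
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 253: "URI", 254: "OID"}
# Hypothetical placeholder for the proposed "raw public key" type (not an assigned value).
RAW_KEY_TYPE = 65280

def parse_cert_rdata(rdata: bytes) -> dict:
    """Split CERT RDATA into its fixed header and the certificate data."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its 5-byte header")
    ctype, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return {"type": ctype, "key_tag": key_tag,
            "algorithm": algorithm, "data": rdata[5:]}

def parse_raw_key(data: bytes) -> dict:
    """Hypothetical payload: version (1 byte), app-id length (1 byte), app id, key."""
    if len(data) < 2:
        raise ValueError("raw key payload too short")
    version, id_len = data[0], data[1]
    if len(data) < 2 + id_len:
        raise ValueError("truncated application identifier")
    app = data[2:2 + id_len].decode("ascii")
    key = data[2 + id_len:]
    if not key:
        raise ValueError("empty public key")
    return {"version": version, "app": app, "key": key}

def find_key(rdatas, app_id):
    """One place to look: scan the CERT RRset for the application's raw key."""
    for rdata in rdatas:
        record = parse_cert_rdata(rdata)
        if record["type"] != RAW_KEY_TYPE:
            continue  # a real certificate type (PKIX, SPKI, PGP, ...), not a raw key
        raw = parse_raw_key(record["data"])
        if raw["app"] == app_id:
            return raw
    return None

# Constructed sample RDATA: one PKIX-typed record and one hypothetical raw-key record.
SAMPLE_PKIX = struct.pack("!HHB", 1, 0, 0) + b"constructed-certificate-bytes"
SAMPLE_RAW = (struct.pack("!HHB", RAW_KEY_TYPE, 0, 0)
              + bytes([1, 3]) + b"ssh" + bytes(range(8)))

if __name__ == "__main__":
    print(find_key([SAMPLE_PKIX, SAMPLE_RAW], "ssh"))
```

An application resolving a key queries one RR type and filters on the certificate type field, which is the "single place to look" property argued for in the reply.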