To:
Edward Lewis <lewis@tislabs.com>
Cc:
<dnssec@cafax.se>
From:
Jakob Schlyter <jakob@crt.se>
Date:
Tue, 4 Sep 2001 22:05:29 +0200 (MEST)
In-Reply-To:
<v03130305b7bac63f6a78@[199.171.39.4]>
Sender:
owner-dnssec@cafax.se
Subject:
RE: CERTificates and public keys
On Tue, 4 Sep 2001, Edward Lewis wrote: > What if...we create an CERT RR type (see RFC 2538) for "raw public key." > Then we would be effectively combining APPKEY and CERT into an already > documented RR. The remaining problem would be to stuff the version number > and application identifier into the "raw" public key. except that it would no longer be a certificate since it does not contain its own authenticating signature. this is one of the problems. perhaps I'm the only one having a problem with this? another problem is, as scott wrote, that there is no information on what protocol the certificate should be used for. this could be put into the owner name, but I'm not sure that is the right solution. jakob