To: Simon Josefsson <simon+dnssec@josefsson.org>
Cc: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>, Derek Atkins <warlord@MIT.EDU>, Scott Rose <scottr@antd.nist.gov>, <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Tue, 4 Sep 2001 22:24:12 +0200 (MEST)
In-Reply-To: <ilun14ayaui.fsf@barbar.josefsson.org>
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

On Tue, 4 Sep 2001, Simon Josefsson wrote:

> I believe the easiest way to implement this "other RR" is by using the
> CERT RR and recommending applications to register their own
> certificate type number and put whatever makes them as the data blob.
> Applications that store raw public keys would of course need the
> security services of TSIG, DNSSEC, IPSEC etc as well.
>
> Deprecating CERT and using APPKEY instead would also work fine

combining the application part of KEY and the certificate part of CERT
into APPKEY could work.

> But having both CERT and APPKEY used by applications would be
> confusing.

how would that be confusing? would your PKI application suddenly start
querying for a raw public key?

	jakob