To:
Simon Josefsson <simon+dnssec@josefsson.org>, dnssec@cafax.se
From:
Allison Mankin <mankin@east.isi.edu>
Date:
Tue, 04 Sep 2001 18:14:49 -0400
In-reply-to:
Your message of 04 Sep 2001 17:45:05 -0400. <sjmr8tmr5pa.fsf@rcn.ihtfp.org>
Reply-To:
mankin@isi.edu
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
Wrt to defining APPKEY, Simon Josefsson wrote: > Why not? What's wrong with burning another RR number? For the right need, nothing, but a new RR means passing another spec through the standards process (and the IESG, where there be dragons), as well as extending the implementations. I read RFC2538 as admitting a use like this one. The breadth of the type field and the IANA considerations show that varied uses of the CERT record are expected. Also I find that this discussion is in the weeds when many folks here are giving opinions that because it's a "CERT", it must be X.509 or have a CA. A member of the Security Mafia :) (Derek) has told us otherwise... Allison