To: "'Randy Bush'" <randy@psg.com>, "Loomis, Rip" <loomisg@US-Columbia-CIST.mail.saic.com>
Cc: dnssec@cafax.se
From: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
Date: Wed, 5 Sep 2001 11:00:53 -0400
Sender: owner-dnssec@cafax.se
Subject: RE: CERTificates and public keys

> > 1. I would strongly prefer to have all the random
> > keys that are *not* part of the DNS
> > infrastructure end up in a single place.
>
> i too. outside the dns. why not put them in the aim member
> directory? why always the dns?

Well, yeah, I'd like them all outside the DNS as well. But, since "no good deed goes unpunished", folks do try to turn DNS into a general-purpose global directory services tree. I feel that we need to provide some limited support for that. Am I incorrect in believing that the esteemed area directors &c. continue to expect DNS to provide a place for sundry non-DNS info?

If it's going to end up in DNS (which I think it will) then I want minimum impact, both to existing implementations and for the future. That's why I recommend a new APPKEY that would subsume the role of CERT. I *don't* want to have separate RR types for SSHKEY, CERT, OTHERNEWKEY, etc.

Yes, all three of the applications (SWAG estimate) that are currently using the CERT record would need to be overhauled.

Maybe we *do* need the SINK RR draft to be exhumed.

--Rip