To: Randy Bush <randy@psg.com>
Cc: dnssec@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 05 Sep 2001 11:52:23 -0400
In-Reply-To: Randy Bush's message of "Wed, 05 Sep 2001 08:41:12 -0700"
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

Randy Bush <randy@psg.com> writes:

> > I've got a solution to that: nothing states that you can't delegate
> > keys to another subdomain and host it on different servers.
> 
> hmmm.  interesting hack.  have to think about

Thinking is good.  Everyone should do it once in a while ;)

>   o where to actually fork.  i.e. one could make the extreme example
>     of a new root class.

IMHO that would be extreme.  I don't think you want to have a new
class, because then you need a whole new set of root servers and have
to build the whole DNS over again, duplicating all the delegation
records.  This was the downfall of Hesiod and why it has "moved" over
to the IN class.  Similarly, this is why SRV records are in "IN".

>   o trust issues, how closely bound one wants the app data with a
>     verifiable dnssec tree for the namespace

This is true as well.  I don't have a good answer.

> randy

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
