To:
<dnssec@cafax.se>
From:
Edward Lewis <lewis@tislabs.com>
Date:
Thu, 6 Sep 2001 16:00:23 -0400
In-Reply-To:
<5.1.0.14.2.20010906135637.02764030@localhost>
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
At 2:25 PM -0400 9/6/01, Ólafur Guðmundsson wrote: >DNS lesion: sub typing is BAD BAD BAD, Please, please elaborate. I, for one, have been repeating this yet have never had anyone supply me with a truely horrible tale of woe. I don't doubt your words but I need more than folklore to justify work. >I, in general do not see any problem with having both APPKEY and CERT >records for use by applications as long as the goal is for each >application to use ONLY ONE of the two. But there will be applications >like IPSEC where CERT is specified but people will try to escape from >the extortion/certificate authorities thus migrating to APPKEY. Isn't it up to the application to do what it wants? (Why should DNS care?) I have no problem recommending that an application designer stick to just one, but beyond that we voyaging beyond the scope of the DNS(sec). -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NAI Labs Phone: +1 443-259-2352 Email: lewis@tislabs.com You fly too often when ... the airport taxi is on speed-dial. Opinions expressed are property of my evil twin, not my employer.