To:
simon+dnssec@josefsson.org (Simon Josefsson)
Cc:
ogud@ogud.com (Ólafur Guðmundsson), jakob@crt.se (Jakob Schlyter), warlord@MIT.EDU (Derek Atkins), scottr@antd.nist.gov (Scott Rose), dnssec@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Thu, 6 Sep 2001 14:35:50 -0700 (PDT)
In-Reply-To:
<Pine.LNX.4.33.0109062223400.31671-100000@slipsten.extundo.com> from "Simon Josefsson" at Sep 06, 2001 11:01:30 PM
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
% *ponders* So if I understand correctly, CERT is flawed because it uses % sub-typing. APPKEY using SRV naming is "better" (altough I fail to see % how) but still uses sub-typing, so with the same reasoning it wouldn't be % good either. New RRs is better but would be harder to put into use because % of implementation issues. And the deployment scope of APPKEY is... -zero- % After this thread I don't care much about which one, just as long as there % is one. But considering that CERT exists and is implemented, I think it % is a good candidate. If they are both fundamentally the same, and one has some supported code deployed then the main hurdle is overcoming minor semantic misconceptions and figuring out how to live with a form of subtyping. -- --bill