To: randy@psg.com
Cc: GILBERT.R.LOOMIS@saic.com, dnssec@cafax.se
From: Havard Eidnes <he@uninett.no>
Date: Fri, 07 Sep 2001 11:47:03 +0200 (CEST)
In-Reply-To: <E15edwu-000CjP-00@rip.psg.com>
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

> > 1. I would strongly prefer to have all the random
> > keys that are *not* part of the DNS
> > infrastructure end up in a single place.
>
> i too. outside the dns. why not put them in the aim member
> directory? why always the dns?

I have never quite fathomed why some seem to have an ingrained fear
of adding more data to the DNS. I can however understand why DNS
with DNSSEC is an attractive mechanism -- why should one have to
reinvent a new protocol which will need to more or less duplicate
DNS' functionality?

Would you care to explain why this is problematical?

I would think that

1) the growth of the size of the data would all be at the edges
   (authoritative servers) or felt at the edges (recursive servers),
   where resources can relatively easily be scaled up to handle the
   added demand.

2) making more services depend on the DNS would perhaps make people
   put more attention to their DNS setups' performance, correctness
   and resiliency (one can always hope...)

Regards,

- Håvard