ietf-asrg

RE: [Asrg] Crypto-based alternative to RMX

2003-05-13 10:54:43
At 12:45 PM 5/13/2003 -0400, Eric Dean wrote:
>
> Here is a first rough idea.
>
> The DNS admin provides a set of public keys as new DNS records (along the
> lines of Paul Vixie's proposed Mail From MX records, so no big
> implementation hassle for DNS) along with a key index for each key (just a
> tag distinguishing it from all the other keys for the same domain).

DNS has a rarely used Options field whereby you can insert various
information.  We were going to use it for DNS-based content delivery
interworking (CDI)..though that WG is all but dead.  We had used it to pass
the source IP of the originating resolver so that the destination CDN could
best geo-position the content.  Such a field might come into play here and
is fully interoperable with all DNS servers..it's simply ignored.

Anytime we want to get involved with DNS, we must keep in mind the current state of security of the entire DNS system. If we end up defining some form of a DNS-based standard, perhaps we should mandate the use of secure DNS.

Yakov

---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


