The true choices here are threefold:
1) Only use DNS based keying
2) Design a completely new non-DNS based keying
mechanism from scratch
3) Support the use of existing non-DNS keying mechanisms
that are approved standards

Phillip, this post again throws me into confusion on what it is you are
asking for. Point (3) sounds like a request for non-DNS "key fetching"
mechanisms when what I thought you were advocating was a place in the key
record to point to additional accreditation information. Please help me
understand. Not everyone on this list (especially me) has the expert
knowledge that you do.
(a) What is meant by "non-DNS keying mechanism"?
(b) Is (a) a separate issue from the "pointer to additional accreditation
information" in the key record that I thought you were advocating?
Sorry, I have to have things spelled out to me like a child sometimes so
that I'm clear I understand.
--
Arvel