On 18 jul 2010, at 10.27, John C Klensin wrote:
Those problems are most evident with
aliases like CNAME and DNAME but, from the cross-tree pointer
perspective, MX, NAPTR, and your new proposal may be just
aliases on steroids.
My suggestion in this draft (as explained in the Security Considerations
Section of draft-faltstrom-uri) is to have the URI RR secured by DNSSEC, and
then SSL cert match the hostname in the URI that you find in the RDATA.
Patrik
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf