[dnssec-deployment] Answers to questions asked at the DNSSEC meeting

Paul Vixie paul at vix.com
Mon May 24 19:04:29 EDT 2004


dynamic SEP management is a lot to ask of every 3G device and 802.11 PDA
and 802.11 VoIP portable to execute, either on a scheduled basis, or when
they see a REVOKE bit, or whatever.  a lot of these devices will remain
powered off, or off-network, for weeks or months at a time.  when they are
actually online, it's possible that their owners will want to use their
bandwidth for non-DNSSEC-key-maintainance activities.  on an endstation
by endstation basis, i'm not sure we can implicitly demand this level of
sophistication.  it's a lot more likely that endstations will get their
SEPs from their DHCP server than as a side effect of executing DNSSEC.

(i'm keeping in mind the reasons why the community rejected A6/bitstring.)



More information about the Dnssec-deployment mailing list