[dnssec-deployment] Answers to questions asked at the DNSSEC meeting
paul at vix.com
Mon May 24 20:53:46 EDT 2004
> >(i'm keeping in mind the reasons why the community rejected A6/bitstring.)
> The ID and Johan's proposal are mostly targeted at the statically
> configured infrastructure devices such as caching resolvers. It may
> be that the eventual right answer is to have them do a limited DHCP
> dip to grab the locally configured trust anchor policy information.
> Or a global grab to a central registry. Or something else? I'd just
> like a common mechanism in the resolvers earlier rather than later.
it would be a kindness, under those circumstances, if you could qualify
your proposal with words like "heavyweight" or even "statically config'd
infrastructure devices such as caching resolvers" and then mention a need
for a lighter weight mechanism for mobile, handheld, or only-periodically
is it also the case that your proposal is just for early deployment, or
do you anticipate that this key management will be a permanent feature?
More information about the Dnssec-deployment