[dnssec-deployment] Answers to questions asked at the DNSSEC meeting

Paul Vixie paul at vix.com
Mon May 24 20:53:46 EDT 2004


> >...
> >(i'm keeping in mind the reasons why the community rejected A6/bitstring.)
> 
> ...
> The ID and Johan's proposal are mostly targeted at the statically
> configured infrastructure devices such as caching resolvers.  It may
> be that the eventual right answer is to have them do a limited DHCP
> dip to grab the locally configured trust anchor policy information.
> Or a global grab to a central registry.  Or something else?  I'd just
> like a common mechanism in the resolvers earlier rather than later.

it would be a kindness, under those circumstances, if you could qualify
your proposal with words like "heavyweight" or even "statically config'd
infrastructure devices such as caching resolvers" and then mention a need
for a lighter weight mechanism for mobile, handheld, or only-periodically
connected devices.

is it also the case that your proposal is just for early deployment, or
do you anticipate that this key management will be a permanent feature?



More information about the Dnssec-deployment mailing list