[dnssec-deployment] What does DNSSEC enable?

Rob Austein sra at isc.org
Fri Jan 7 12:31:23 EST 2005


well, draft-ietf-secsh-dns and draft-ietf-ipseckey-rr are both
proposed standards and should be popping out as rfcs Real Soon Now.
both of these use dnssec infrastructure to distribute keys for other
things (ssh and ipsec, respectively).

there are also some entertaining possibilities for dnssec, sig(0),
dhcp, dns dynamic update, and ipv6 stateless address configuration.
the weak link in this picture turns out to be the binding between link
layer addresses and ip layer addresses, at which point ipv6 solutions
like send (cga) start looking attractive.  i don't think we have a
fully-worked story for this even as slideware, let alone running code,
but perhaps we finally have enough of the pieces that it would be
possible to create such a story.



More information about the Dnssec-deployment mailing list