[dnssec-deployment] Looking for lost generic application/ssl/fingerprint DNS record draft?

Paul Wouters paul at xelerance.com
Wed Nov 4 16:19:40 EST 2009


On Wed, 4 Nov 2009, Florian Weimer wrote:

>> I while ago I was looking at generic public keys/ fingerprints storage
>> in dns records. Eg the SSHFP record but more generic. I vaguely remember
>> a draft or abandonded draft, where the issue was how generic and how
>> specific the record should be to make it the most useful, and try to
>> avoid the "one record type per application" situation.
>
> RFC 4398.  There's still no chain from DNSSEC to transport or
> application layer crypto, though.

No, I don't mean the CERT record. There was a draft (or pre-draft) on a generic
method for a key/fingerprint record. This had nothing to do with X.509.

Paul



More information about the Dnssec-deployment mailing list