Restrict KEY for DNSdraft-ietf-dnsext-restrict-key-for-dnssec-03.txt
Experience with DNSSEC has shown that mixing keys used for DNSSEC itself with application keys is a bad idea
Subtyping
- A DNS query is for a {name,class,type}
- You can not directly query for a key for a specific application directly since the protocol is inside the RDATA section.
Signature simplicity
- all KEY RRs for a owner name are covered by the same signature