Restrict KEY for DNSdraft-ietf-dnsext-restrict-key-for-dnssec-03.txt

• Experience with DNSSEC has shown that mixing keys used for DNSSEC itself with application keys is a bad idea

• Subtyping

  • A DNS query is for a {name,class,type}
  • You can not directly query for a key for a specific application directly since the protocol is inside the RDATA section.

• Signature simplicity

  • all KEY RRs for a owner name are covered by the same signature

Previous slide

Next slide

Back to first slide

View graphic version