DNSEXT 2
DS
- At IETF DS draft seemed to be at it’s latest revision.
- Workshop on DS in DC (more details later)
DNS thread model document is still being worked on
- DNSSEC will need to protect wildcards?
- Wildcards will need on-line signing.
Other DNSSEC related work
- Restrict KEY
- Public key material used by protocols (SSH, IPsec) will need to get their own RRs.
- GSS-TSIG and TKEY-Renewal
- GSS-TSIG violates TSIG specs
- TKEY allows for automatic renegotiating of symmetric keys