Automatic key verification / CERT in DNS / RFC4398
julian at mehnle.net
Fri Apr 7 00:08:13 CEST 2006
Brad Knowles wrote:
> Werner Koch wrote:
> > Do you think splitting the zones up in say us.e.r._pka.example.net
> > would be helpful?
> Putting the zones in a hierarchy will certainly help. That way
> you don't have to change and reload an entire zone with millions of
> users, each time that a single modification has to be made.
> However, I would be careful in choosing a particular hashing
> scheme that will be set in stone -- what is sustainable for a small
> site will be totally inappropriate for a large site.
And here's where I think SPF's macro feature (or a similar facility) would
be useful. It would enable sites to specify their own custom schemes
(within certain limits).