Automatic key verification / CERT in DNS / RFC4398
Julian Mehnle
julian at mehnle.net
Fri Apr 7 00:08:13 CEST 2006
Brad Knowles wrote:
> Werner Koch wrote:
> > Do you think splitting the zones up in say us.e.r._pka.example.net
> > would be helpful?
>
> Putting the zones in a hierarchy will certainly help. That way
> you don't have to change and reload an entire zone with millions of
> users, each time that a single modification has to be made.
>
> However, I would be careful in choosing a particular hashing
> scheme that will be set in stone -- what is sustainable for a small
> site will be totally inappropriate for a large site.
And here's where I think SPF's macro feature (or a similar facility) would
be useful. It would enable sites to specify their own custom schemes
(within certain limits).