OID and other nonexisting resource records...
Gunther Schadow
gunther at aurora.rg.iupui.edu
Tue Jun 27 00:39:25 UTC 2000
Hi,
I have a few questions to those who understand the tradition of DNS
and might have a feeling about its future. I'll make three short
questions out of it:
(1) Has there ever been a resource record for ISO OIDs proposed for DNS?
(2) Why is X.500/LDAP needed when DNS exists?
(3) With KEY and CERT records today, will DNS be a common widely used
means for public key and certificate distribution beyond what's needed
for secure DNS operation?
Ad 1) It would seem as if one could use the DNS to resolve OIDs and
to allow tying the OID hierarchy together. Otherwise you are pretty
hosed when trying to resolve 2.16.840.1.113883, an impossible endeavor.
With DNS, an OID would behave just like a domain. At the end, each OID
domain has either an authoritative name server assigned, or some
cleartext name, e-mail, and 3-d world contact address for it. The
existing DNS infrastructure could thus be used to work with OIDs. Of
course, whether ISO would be willing to use such a profane protocol
as DNS to publish root authority information is another story. :-)
Ad 2) I probably have an answer: because X.500 is able to associate
multiple attributes (tag-value pairs) to nodes in the name-graph
while DNS traditionally has only one short piece of information for
each entry. But why not make an attribution DNS record, that can
associate these name-value pairs as well? For instance, it could be
some small piece of XML? Is there any DNessiquette that would not
allow DNS resource values to exceed a certain small number of bytes?
Why would you want that? Well, at some point consolidating of
functionality around one protocol suite might reduce maintenance
and operating expenses.
Ad 3) This question is very real. I wonder which way to go for
IPsec communication. So far I haven't got the feeling which
key-distribution mechanism will prevail. All I've seen is that IPsec
implementations require you to configure keys pretty manually (by
typing them in!) or use peculiar protocols. What will the de facto
standard be? Is DNS considered a credible and likely option?
Any hints or references (FAQ? papers?) are appreciated.
Thank you,
-Gunther
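The OID-as-domain idea in Ad 1) and the "attribution record" question in Ad 2), worked through as an added example that is not part of the original post. It assumes a hypothetical zone `oid.example` under which OID arcs are published most-specific-arc first (so each OID prefix owns a delegatable subtree), and uses a TXT RR as the carrier for tag=value pairs. The size limits are those of RFC 1035: a TXT `<character-string>` holds at most 255 octets and a classic DNS/UDP message at most 512 octets, which is the practical answer to "why would DNS values not exceed a certain small number of bytes".

```python
"""Added example, not from the original post: map ISO OIDs onto DNS names as
Ad 1) proposes, and size the 'attribution record' Ad 2) asks about.

Assumptions not in the post: a hypothetical zone 'oid.example' and a TXT RR
as the attribute carrier. Limits are from RFC 1035: a TXT <character-string>
carries at most 255 octets; a DNS/UDP message (without EDNS0) at most 512.
"""
import re

OID_ROOT = "oid.example."      # hypothetical apex of the OID tree (constructed)
MAX_CHARSTRING = 255           # RFC 1035 <character-string> payload limit
MAX_UDP_MESSAGE = 512          # RFC 1035 UDP message limit without EDNS0
_OID_RE = re.compile(r"^\d+(\.\d+)+$")


def oid_to_name(oid: str) -> str:
    """'2.16.840.1.113883' -> '113883.1.840.16.2.oid.example.'

    Arcs are reversed so that every OID prefix owns a DNS subtree that can be
    delegated to its own authoritative server, exactly like a domain."""
    if not _OID_RE.match(oid):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    return ".".join(reversed(oid.split("."))) + "." + OID_ROOT


def name_to_oid(name: str) -> str:
    """Inverse of oid_to_name; rejects names outside the hypothetical zone."""
    suffix = "." + OID_ROOT
    if not name.endswith(suffix):
        raise ValueError(f"{name!r} is not under {OID_ROOT}")
    arcs = name[:-len(suffix)].split(".")
    if not all(a.isdigit() for a in arcs):
        raise ValueError(f"non-numeric arc in {name!r}")
    return ".".join(reversed(arcs))


def wire_name_length(name: str) -> int:
    """Octets a fully-qualified name occupies on the wire: one length octet
    per label plus the terminating zero-length root label."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return sum(1 + len(lab) for lab in labels) + 1


def pack_attrs(attrs: dict) -> list[bytes]:
    """One 'tag=value' <character-string> per attribute. A value that does not
    fit in 255 octets is rejected rather than silently truncated."""
    out = []
    for tag, value in attrs.items():
        if "=" in tag:
            raise ValueError(f"'=' not allowed in tag {tag!r}")
        s = f"{tag}={value}".encode("utf-8")
        if len(s) > MAX_CHARSTRING:
            raise ValueError(f"{tag!r} is {len(s)} octets; max {MAX_CHARSTRING}")
        out.append(s)
    return out


def chunk_blob(data: bytes) -> list[bytes]:
    """A larger opaque value (e.g. an XML fragment) has to be split across
    several <character-string>s of one TXT RR; a reader concatenates them."""
    return [data[i:i + MAX_CHARSTRING] for i in range(0, len(data), MAX_CHARSTRING)]


def txt_rdlength(strings: list[bytes]) -> int:
    """RDLENGTH of a TXT RR: each <character-string> has a 1-octet length prefix."""
    return sum(1 + len(s) for s in strings)


def answer_message_size(name: str, strings: list[bytes]) -> int:
    """Octets in a minimal response: 12-octet header, question (name + QTYPE +
    QCLASS), one answer RR (2-octet compression pointer, TYPE, CLASS, TTL,
    RDLENGTH) and its RDATA."""
    question = wire_name_length(name) + 2 + 2
    rr_fixed = 2 + 2 + 2 + 4 + 2
    return 12 + question + rr_fixed + txt_rdlength(strings)


def fits_classic_udp(name: str, strings: list[bytes]) -> bool:
    """False: a resolver without EDNS0 gets a truncated reply and must retry
    over TCP, which is the cost of stuffing large values into the DNS."""
    return answer_message_size(name, strings) <= MAX_UDP_MESSAGE


if __name__ == "__main__":
    name = oid_to_name("2.16.840.1.113883")
    print(name, "->", name_to_oid(name))
    small = pack_attrs({"contact": "hostmaster@example.org", "org": "Example Org"})
    print("small:", answer_message_size(name, small), "octets, UDP ok:",
          fits_classic_udp(name, small))
    xml = b"<oid-info>" + b"x" * 580 + b"</oid-info>"   # constructed 601-octet blob
    big = chunk_blob(xml)
    print("xml:", len(big), "strings,", answer_message_size(name, big),
          "octets, UDP ok:", fits_classic_udp(name, big))
```

The reversal in `oid_to_name` is the design choice that makes delegation work: the authority for arc 2.16.840.1 can hand out the `1.840.16.2.oid.example` subtree without the root operator being involved, which is the same mechanism ordinary domains rely on. The sizing functions show where the "small number of bytes" intuition comes from: a few contact-style attributes fit a plain UDP answer with room to spare, while a 600-octet XML fragment needs three character-strings and pushes the reply past 512 octets.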