Brad Knowles brad.knowles at
Fri Aug 2 21:56:58 UTC 2002

At 1:13 PM -0400 2002/08/02, Matt Larson wrote:

>  $GENERATE is not applicable to KEY:
>  draft-ietf-dnsext-restrict-key-for-dnssec deprecates all non-DNSSEC uses
>  for KEY, confining that type to the zone apex.

	Hmm.  Do you have any idea how widely known this is?  How many of 
the IPSEC implementation teams know about this?

>                                                  The DNSSEC document
>  rewrite effort has included this sentiment; see the KEY section of
>  draft-ietf-dnsext-dnssec-records.  The restrict-KEY train has basically
>  left the station, as best as I can tell.

	Hmm.  Okay.  I'll pass this on.  Thanks!

Brad Knowles, <brad.knowles at>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

More information about the bind-workers mailing list