>> ###
<snip>
>> 3. query example.org's local-part lookup service for info (eg public
>> key) mapped to "foobar"
>>
>> 4. this results in an answer (eg public key) or not [eg "not found"
>> status code]
>> ###
>
> Yes. A lookup service. And if we're going to do this, then there's no
> much point to putting local-part -> public keys in DNS.
Yes, possibly. Even if the keys were stored in DNS (for whatever
reason(s)), I would suggest doing it as..
immutable-opaque-identifier -> public key
..and then the lookup service knows the mapping of..
local-part -> immutable-opaque-identifier
..and thus can return the key.
> Problem: DNS (even with DNSPRIV) is much more light-weight than any
> service that uses TLS.
>
> Solution: Make a light-weight lookup (idempotent) protocol.
Well, we already have at least one that will work (and I'm speaking from
explicit hands-on operational impl & deployment experience) and perhaps
others; I would suggest re-use rather than re-invent.
=JeffH
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane