On Wed, Jun 20, 2018 at 07:47:16AM +1000, Mark Andrews wrote:

> SIG(0) has miles of potential. Active Directory shows that hosts updating
> their own addresses is useful.

And not just their own addresses. On my TODO list is making DANE more manageable by (optionally) allowing the holder of a private key corresponding to a TLSA "DANE-EE(3) X Y" record to update the containing RRset to introduce the TLSA record for the next key.

> SIG(0) provides a similar mechanism without the overhead of AD. It
> actually works well today if you spend the time to hook it into a system.
> What's needed is for OS vendors to ship machines with support enabled.
>
> Use AD if the machine is part of an AD domain and this if it isn't. It
> really isn't that hard to do it just requires OS developers to do it.

I think that SIG(0) could be quite useful, perhaps it was just introduced before its time.

--
Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop