On Wed, Jun 20, 2018 at 07:47:16AM +1000, Mark Andrews wrote:

> SIG(0) has miles of potential.  Active Directory shows that hosts updating
> their own addresses is useful.

And not just their own addresses.  On my TODO list is making DANE
more manageable by (optionally) allowing the holder of a private
key corresponding to a TLSA "DANE-EE(3) X Y" record to update the
containing RRset to introduce the TLSA record for the next key.

> SIG(0) provides a similar mechanism without the overhead of AD.   It
> actually works well today if you spend the time to hook it into a system.
> What's needed is for OS vendors to ship machines with support enabled.
> 
> Use AD if the machine is part of an AD domain and this if it isn't.  It
> really isn't that hard to do; it just requires OS developers to do it.

I think that SIG(0) could be quite useful, perhaps it was just
introduced before its time.

-- 
        Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
