On 18 jul 2010, at 10.27, John C Klensin wrote: > Those problems are most evident with > aliases like CNAME and DNAME but, from the cross-tree pointer > perspective, MX, NAPTR, and your new proposal may be just > aliases on steroids.
My suggestion in this draft (as explained in the Security Considerations Section of draft-faltstrom-uri) is to have the URI RR secured by DNSSEC, and then SSL cert match the hostname in the URI that you find in the RDATA. Patrik
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
