Earlier versions of the dsn-security draft did have a revocation mechanism but the overwhelming consensus in the dns-security working group was to leave that out of the first version. I have on my queue writing up my ideas in this area a separate draft. Feel free to write up yours. Donald On Mon, 2 Oct 1995, Kenneth E. Rowe wrote:
At 1:58 PM 10/1/95, Donald E. Eastlake 3rd wrote:
DNS security is an important point. People not aware of efforts in this area may want to check out draft-ietf-dnssec-secext-05.txt which has more or less passed working group last call and is being considered by th Security Area Directory / IESG. Reference code is also available (see message pasted at end below).
Donald But the proposed DNS extension itself does not deal with CRL and Key Compromise Lists.
Ken.
------------------------------------------------------------- Kenneth E. Rowe (kerowe@ncsa.uiuc.edu) Senior Security Engineer (217) 244-5270 (Office) / Security Coordinator (217) 244-0710 (NCSA IRST) National Center for Supercomputing Applications *** email ncsa-irst@ncsa.uiuc.edu for computer incident response ***
===================================================================== Donald E. Eastlake 3rd +1 508-287-4877(tel) dee@cybercash.com 318 Acton Street +1 508-371-7148(fax) dee@world.std.com Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)