As another comment here, about the only thing you can take from the DNS is the ->name<- of a key, if the use is to be applied outside of DNS as data in itself. This came up in PKIX, and got sat on pretty quick.
Unless I mis-read the Security directorate black hat view, its not permissable to use DNSSEC keys to secure any other aspect of the Internet, apart from the DNS itself. So we'd be talking about an RR identifying a key, to be found in some other context specific key distribution framework. Right? -george #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
