At 10:48 19/08/00, Keith Moore wrote:
>to put it in a different way, will it be operationally necessary
>to use MB records which contain IDNs, in order to use IPsec with
>IDNs? or would it be possible for those MB records to contain
>only DNS names?
I consider an IDN to be a kind of DNS name. So I'm still
confused by your phrasing. In which way are "only DNS names"
not "IDNs" in your terminology ? What would be an example of an
"IDN" that is not a "DNS name" in a timeframe where IDNs exist ?
I believe it is operationally necessary to have the right-hand
portion of an MB record be an IDN, in a timeframe when IDNs exist.
>does the domain of the email address in an MB record used for
>IPsec necessarily have anything to do with the domain of the
>record itself? or (like the addresses in SOA records) can the
>two domains be different?
Historically, in an IPsec context, I'm only aware of MB
records where the right-hand component of the MB record was identical
with the domain that holds that MB record. Further investigation
would be needed to determine whether that is a hard design requirement,
a practical requirement, an operational necessity, or not a requirement.
My off-the-cuff belief is that its a hard design requirement.
The security use of MB records is NOT similar to the way
SOA records are used.
Ran
[EMAIL PROTECTED]
