•Pitfalls to avoid when
creating a new RR type to store application
key material
–Avoid Subtypes
–Don’t assume DNSSEC is
the right trust model
•Define and Justify why DNS and/or DNSSEC makes sense to use in an already existing trust model.
•Clearly state impact
on the DNS
–Should be “minimal”
(i.e. Just a data RR like TXT)
•Anything requiring a
change will probably be a problem.
•Good idea to include
someone with DNS experience to consult on
these issues.