Lessons Learned from DNS KEY
Pitfalls to avoid when creating a new RR type to store
application key material
Don’t assume DNSSEC is the right trust model
Define and justify why DNS and/or DNSSEC makes sense to use in an
already existing trust model.
Clearly state impact on the DNS
Should be “minimal” (i.e., just a data RR like TXT)
Anything requiring a change to the DNS will probably be a problem.
Good idea to include someone with DNS experience to
consult on these issues.