24 Jan
2011
24 Jan
'11
9:14 p.m.
I just don't like the notion of deploying a brand new system
you want certificates etc? or did you plan to reuse dns keys? if the former, than all you are discussing is changing the transport to make routing security rely on dns and dns security. not a really great plan. if the latter, then you have the problem that the dns trust model is not congruent with the routing and address trust model. randy