Kerberos transport DNS record design
Petr Spacek
pspacek at redhat.com
Thu Jun 9 11:06:15 EDT 2016
On 7.6.2016 17:56, Matt Rogers wrote:
> On 06/01, Petr Spacek wrote:
>>
>> For the record, opinions of DNS gurus from dnsop list can be found in dnsop
>> archives:
>> http://www.ietf.org/mail-archive/web/dnsop/current/msg17526.html
>>
>> Message
>> http://www.ietf.org/mail-archive/web/dnsop/current/msg17527.html
>> indicates that it might be possible to standardize this if you try it.
>>
>> Message
>> http://www.ietf.org/mail-archive/web/dnsop/current/msg17534.html
>> argues that URI is good enough and that TXT is a bad practice.
>>
>>
>> Pick an answer which suits you the best :-)
>>
>
> Since there is encouragement for URI here it seems like moving forward
> with the URI is the right thing to do. If the hosting
> provider/middle-box issue is something that we do not need to worry
> about, is there still a downside to settling on the URI right now and
> standardizing it in parallel? From the code standpoint there will not
> be much difference vs. the TXT RR.
It would be good to get some actual data about URI feasibility.
Are you able to get your DNS provider to add an URI record? Do you have an
account on Amazon/Azure/others and ability to open a ticket?
That would help to get hard data and after that we would have something to
base decisions on.
--
Petr Spacek @ Red Hat
More information about the krbdev
mailing list