We believe DNS would make a good distribution point for application keys and certificates in large-scale systems. The main reason is that DNS is a unique and ubiquitous provider of bindings from commonly used names (e.g., email addresses and hostnames) to pieces of data. We have also seen that DNS is generally more efficient than LDAP.
With regard to the recent Secure DNS standardization process, our results from chapter 5 suggest that Secure DNS should not be used in zones that store privacy-sensitive information: the authenticated denial-of-existence records (NXT) that prove a name does not exist also reveal the next existing name, so any client can enumerate the whole zone. Applications that require Secure DNS, or are able to make use of it, are recommended to use an approach such as the NO record outlined earlier.
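The enumeration problem behind the recommendation above, as an added example in Python that is not part of the original text: it models an NXT chain and a hashed (NO-record-style) chain over a constructed zone, walks both, and then shows the residual risk that a hashed chain can still be attacked offline by guessing labels. The zone names, the salt, and the use of a single SHA-1 over the lowercased owner name are assumptions of this example, not the record formats of the actual drafts.

```python
import hashlib

# Constructed example zone (not from the thesis), in no particular order.
ZONE_APEX = "example.org."
ZONE_NAMES = [
    "www.example.org.",
    "example.org.",
    "secret-project.example.org.",
    "mail.example.org.",
    "ldap.example.org.",
]


def canonical_key(name):
    """Sort key for DNSSEC canonical name order: labels compared from the
    root inward, case-insensitively (simplified from RFC 2535 section 8)."""
    labels = name.lower().rstrip(".").split(".")
    return tuple(reversed(labels))


def build_nxt_chain(names):
    """Model the NXT records of a signed zone: every owner name points at the
    next owner name in canonical order, and the last one wraps to the apex.
    Returns {owner: next_owner}."""
    ordered = sorted(names, key=canonical_key)
    return {ordered[i]: ordered[(i + 1) % len(ordered)] for i in range(len(ordered))}


def walk_nxt_chain(chain, apex):
    """Zone enumeration: a client that only receives negative answers still
    learns every owner name, because each NXT record names the next one."""
    found = [apex]
    nxt = chain[apex]
    while nxt != apex:
        found.append(nxt)
        nxt = chain[nxt]
    return found


def hash_name(name, salt=b""):
    """Hashed owner name. A single salted SHA-1 over the lowercased name is an
    assumption of this example, not the exact NO record encoding."""
    return hashlib.sha1(salt + name.lower().encode("ascii")).hexdigest()


def build_hashed_chain(names, salt=b""):
    """Model hashed denial of existence: the chain links hashes of owner
    names, ordered by hash value, so a negative answer discloses two hashes
    rather than two names. Returns {hash: next_hash}."""
    hashes = sorted(hash_name(n, salt) for n in names)
    return {hashes[i]: hashes[(i + 1) % len(hashes)] for i in range(len(hashes))}


def walk_hashed_chain(chain):
    """The same walk against a hashed chain: the walker still learns how many
    names exist, but only their hashes."""
    start = min(chain)
    found = [start]
    nxt = chain[start]
    while nxt != start:
        found.append(nxt)
        nxt = chain[nxt]
    return found


def dictionary_attack(hashes, zone, guesses, salt=b""):
    """Caveat: hashing only raises the cost of enumeration. Anyone who has
    walked the chain can test guessed labels offline; only names that are
    not in the guess list stay private."""
    target = set(hashes)
    return [f"{g}.{zone}" for g in guesses if hash_name(f"{g}.{zone}", salt) in target]


if __name__ == "__main__":
    print("NXT walk:", walk_nxt_chain(build_nxt_chain(ZONE_NAMES), ZONE_APEX))
    hashed = walk_hashed_chain(build_hashed_chain(ZONE_NAMES, salt=b"salt"))
    print("hashed walk:", hashed)
    print("recovered by guessing:",
          dictionary_attack(hashed, ZONE_APEX, ["www", "mail", "ldap", "ns1"], salt=b"salt"))
```

The plaintext walk recovers `secret-project.example.org.` along with everything else; the hashed walk recovers only hashes, and the guessing step gets back the common labels but not the unguessable one. That is the trade-off a hashed denial-of-existence record buys: it hides names that are hard to guess, not names that are obvious.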
One area that warrants further work is authenticating updates in DNS. As section 4.3, ``Updating Certificates in a Directory'', shows, only shared symmetric keys (TSIG) are in use today, which means every party allowed to submit an update must share a secret with the server it updates.