[resend] Use of DNS to distribute keys




[ This bounced from the IP Security list because of bad typing
   and so my apologies to the DNS folks for the resend.]

	For several years now I've been thinking that the DNS is
probably a really good way to distribute keys (or key certificates).
For example, if each host had a public key accessible via the DNS, one
could more easily set up a secure session key between oneself and the
remote host that one wished to communicate with.  Also, one might be
able to encrypt UDP packets using asymmetric encryption for the odd
case where one only wanted to send one or two packets and thereby
avoid the overhead of setting up a session key for extremely brief
sessions.

	With all the current activity on an IPv4 Security Protocol and
adding security to the DNS, I'm wondering what the DNS wizards think
about this idea and whether anyone knows of any past experiments along
this line.

	I've cross-posted this to the IPv4 Security Protocol list
and the normal DNS list.  Please edit reply addresses appropriately.

Thanks,

Ran
atkinson@itd.nrl.navy.mil


----- End Included Message -----


