
Re: Use of DNS to distribute keys




    ---- Included message:

    
    	For several years now I've been thinking that the DNS is
    probably a really good way to distribute keys (or key certificates).

Let me ask a related question:

One of the marks of distinction about the DNS, relative to X.500, DEC's
Name Service, OSF's Cell Directory Service, and most discussions about
network use of directory service, is that it is used in very, very
limited ways.  I suspect that limiting the use to name/address
mapping has been instrumental in making it feasible to rely on
DNS access as part of the operational infrastructure.

This is not to say that the broad range of other uses are not also
interesting and important, merely that the narrow focus in functionality
probably has helped operation of the system.

Do others have similar feelings about this?

If so, it leads me to wonder whether proposals for broadening the
use of the DNS might actually want to consider construction of
a parallel DNS for non-core operational use.  (Where's the line?
I don't know.  With no hesitation, I'd guess that key distribution
can be(come) a core service.  But it isn't now.  Mumble.)

Thoughts?

Dave

