[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of DNS to distribute keys

To: Dave Crocker <dcrocker@mordor.stanford.edu>
Subject: Re: Use of DNS to distribute keys
From: Brad Huntting <huntting@glarp.com>
Date: Tue, 07 Sep 1993 12:33:49 -0600
Cc: atkinson@itd.nrl.navy.mil (Ran Atkinson), namedroppers@nic.ddn.mil, ipsec@ans.net
In-Reply-To: Your message of "Tue, 07 Sep 93 09:56:59 PDT." <9309071657.AA23666@Mordor.Stanford.EDU>


> If so, it leads me to wonder whether proposals for broadening the
> use of the DNS might actually want to consider construction of
> a parallel DNS for non-core operational use.  (Where's the line?
> I don't know.  With no hesitation, I'd guess that key distribution
> can be(come) a core service.  But it isn't now.  Mumble.)

I dont see anything wrong with putting more "host related information"
in DNS.  What's dangerous is to try to extend the idea "domain
name" to include more than just "things with IP addresses", "things
that appear after the @ in email addresses", and "administrative
breakpoints".

In other words, it might be risky to add PEM information to DNS,
but it would probably not be risky to ad IP security information
to DNS.


brad

Follow-Ups:

Re: Use of DNS to distribute keys

From: Dave Crocker <dcrocker@Mordor.Stanford.EDU>

Re: Use of DNS to distribute keys

From: Christian Huitema <Christian.Huitema@sophia.inria.fr>

References:

Re: Use of DNS to distribute keys

From: Dave Crocker <dcrocker@Mordor.Stanford.EDU>

Prev by Date: Re: Use of DNS to distribute keys
Next by Date: Re: Use of DNS to distribute keys
Prev by thread: Re: Use of DNS to distribute keys
Next by thread: Re: Use of DNS to distribute keys
Index(es):
- Main
- Thread