
Re: Use of DNS to distribute keys




Dave Crocker says:
> 
> If so, it leads me to wonder whether proposals for broadening the
> use of the DNS might actually want to consider construction of
> a parallel DNS for non-core operational use.  (Where's the line?
> I don't know.  With no hesitation, I'd guess that key distribution
> can be(come) a core service.  But it isn't now.  Mumble.)
> 
> Thoughts?

A while back I thought about the unrelated issue of including faces in
DNS and ran smack into the RR size limitation. Admittedly this was a
silly use, but public keys share the problem of being large,
especially when authentication information in the form of signatures
on the keys gets kept. Either DNS needs bigger record sizes, or a
parallel structure would have to be built, or someone would have to
produce some sort of really disgusting kludge. It's a shame, because
things like these do, in my opinion, properly belong in DNS. Why have
a dozen distributed databases keyed on host name when one will do?

Perry

