
Re: Use of DNS to distribute keys
Steve:

>>I believe the question that precipitated this discussion came
>>from someone who posed it in the context of certificates for machines,
>>not for people

Actually, the context was in setting up end-end (rather than store-and-
forward) data protection keys, in which case not storing certificates
in the DNS seems to make more sense.  One very big advantage, by the way,
is that there is less state in directory services to keep accurate and 
synchronized, the most difficult part of a nameserver-based certificate
distribution scheme being the practical one of ongoing maintenance.  Note
that DNS has no notion of self-administration, as X.500 access controls
support, even if your policy would accommodate this sort of thing.

Now, how about simply defining a (publicly readable, usually) MIB for this
so that keys could be accessed (and even remotely managed) without inventing
new protocol, using SNMP?

/Joe