
Re: Use of DNS to distribute keys



> Actually, the context was in setting up end-end (rather than store-and-
> forward) data protection keys,

> Now, how about simply defining a (publicly readable, usually) MIB for this
> so that keys could be accessed (and even remotely managed) without inventing
> new protocol, using SNMP?

Why do we need encryption here for the end-end communication? Because the
IP layer is unreliable. Some malicious intermediate host may pretend
to be the end host. The problem with MIB is that the public key obtained
through MIB through malicious intermediate hosts is just as unreliable
as the IP layer.

What we need for the globally authenticated communication is an authenticated
tree structure of servers to provide reliable public keys, which could be
a variation of DNS.

						Masataka Ohta
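
The argument above, as an added example that is not part of the original message: a resolver holding only a root digest checks each server's record against the digest pinned by its parent, so a key substituted by an intermediate host is rejected, while an unauthenticated fetch accepts it. The zone names, key strings and function names are constructed, and hash pinning stands in here for the signatures a real key service would use.

```python
import hashlib
import json

def digest(zone):
    """SHA-256 over a canonical encoding of one server's record."""
    return hashlib.sha256(json.dumps(zone, sort_keys=True).encode()).hexdigest()

def build_tree():
    """Constructed three-level tree: root -> jp -> example.jp."""
    leaf = {"keys": {"host.example.jp": "PUBKEY-host"}, "children": {}}
    jp = {"keys": {}, "children": {"example.jp": digest(leaf)}}
    root = {"keys": {}, "children": {"jp": digest(jp)}}
    return root, jp, leaf

def unauthenticated_key(records, name):
    """Trust whatever the network returned (the failure mode in the message)."""
    return records[-1]["keys"][name]

def verified_key(anchor, path, records, name):
    """Check each record against the digest pinned by its parent.
    anchor: root digest set out of band; path: labels from the root down;
    records: records as received over the untrusted network, root first."""
    if len(records) != len(path) + 1:
        raise ValueError("incomplete delegation chain")
    expected = anchor
    for depth, zone in enumerate(records):
        if digest(zone) != expected:
            raise ValueError(f"record at depth {depth} fails authentication")
        if depth < len(path):
            expected = zone["children"][path[depth]]
    return records[-1]["keys"][name]

def forge_leaf(leaf, name, key):
    """What a malicious intermediate host would return in place of the leaf."""
    forged = json.loads(json.dumps(leaf))
    forged["keys"][name] = key
    return forged

if __name__ == "__main__":
    root, jp, leaf = build_tree()
    path, name = ["jp", "example.jp"], "host.example.jp"
    bad = forge_leaf(leaf, name, "PUBKEY-attacker")
    print(unauthenticated_key([root, jp, bad], name))   # forged key accepted
    print(verified_key(digest(root), path, [root, jp, leaf], name))
    try:
        verified_key(digest(root), path, [root, jp, bad], name)
    except ValueError as err:
        print("rejected:", err)
```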

