
Re: key distribution




Ran Atkinson says:

> 	I myself lean more towards using the DNS to store host key
> CERTIFICATES (emphasis added to avoid being flamed).  I proposed this
> recently on the Namedroppers list and there was some discussion about
> it for a while.  One person on that list indicated there might be an
> MTU problem with key certificates (for some key sizes) with the DNS
> approach.  I'm recently told that the commercial world seems to be
> using key sizes in the 1K bits range [separate email messages from
> Steve Bellovin, Neil Haller, et al.].  It seems likely that we will
> eventually wish to have larger key sizes.  I have no idea over what
> time span that will occur, but we should avoid boxing ourselves in
> unduly.

I agree that DNS feels like the right way to store these things. It
would be nice if someone could convey to the people doing the next
generation of DNS that setting the record size high enough that this
could be done would be a big win. Presently, records can't be large
enough to accommodate future key lengths.

Perry

