
Re: key distribution




> I agree that DNS feels like the right way to store these things. It
> would be nice if someone could convey to the people doing the next
> generation of DNS that setting the record size high enough that this
> could be done would be a big win. Presently, records can't be large
> enough to accommodate future key lengths.

Certificate chains for online resources should be stored with the
hosts offering the resources.  This includes IP certificates.

Using DNS will only add yet another point of failure.  Hosts
supporting IPSP could easily support an ICMP or UDP based service
which spits back the host's certificate or certificate chain on
request.

DNS is useless for IPSP.


brad

