
Re: Key Management, anyone?



   Date: Mon, 22 Jul 1996 19:20:50 -0700
   From: John Gilmore <gnu@toad.com>

   For me, one factor seems to be that I personally trust Jon Postel to
   do the right thing with the root key.  I have a lot more trust in him
   than in the FBI, NIST, the "good side" of the NSA, or the President.

Note that a very simple enhancement to DNSSEC would allow
sub-hierarchies to not even need to trust Jon Postel, by using what are
called "up certificates".  This is where ENTERPRISE.NAVY.MIL signs
NAVY.MIL's key, and NAVY.MIL signs MIL's key, and TIGERS.ARMY.MIL signs
ARMY.MIL's key, and ARMY.MIL signs MIL's key, and so on.

In this configuration, if ENTERPRISE.NAVY.MIL and SARATOGA.NAVY.MIL need
to communicate, they only have to trust NAVY.MIL; if ENTERPRISE.NAVY.MIL
and TIGERS.ARMY.MIL need to communicate, they only have to trust
NAVY.MIL, MIL, and ARMY.MIL.  This allows you to only need to trust the
minimum number of nodes, and as long as all of the communications are
within the .MIL hierarchy, you don't even need to trust anyone at the
IANA or at the InterNIC.

If two companies start doing a bilateral deal, they can set up cross
certificates --- FORD.COM and TOYOTA.COM could sign each other's keys.
It wouldn't be that hard to set up the secure DNS at FORD.COM to check
to see if the local zone has signed any bilateral keys before
commencing up the tree looking for "up certificates" to find an
appropriate certificate chain.

						- Ted
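
The path selection described in this message, sketched as an added example; it is not code from the original post or from any DNSSEC implementation. The names `ancestors` and `trust_path` are hypothetical, the root is written as `.`, no signatures are verified (only the set of zones that must be trusted is computed), and the cross-certificate check is generalized to every zone visited on the way up; ENGINES.FORD.COM and SALES.TOYOTA.COM are constructed names.

```python
def ancestors(zone):
    """Return the zone, then each parent up to the root '.'."""
    labels = [lab for lab in zone.upper().split(".") if lab]
    return [".".join(labels[i:]) for i in range(len(labels))] + ["."]


def trust_path(src, dst, cross_certs=frozenset()):
    """List the zones, other than src and dst, whose keys must be trusted.

    cross_certs holds upper-case (signer, signed) pairs for bilateral
    certificates.  Climbing uses "up certificates" (child signs parent);
    descending uses the ordinary parent-signs-child delegation.
    """
    src, dst = ancestors(src)[0], ancestors(dst)[0]   # normalise case/dots
    dst_chain = ancestors(dst)
    depth = {zone: i for i, zone in enumerate(dst_chain)}
    climbed = []
    for zone in ancestors(src):
        # Check this zone's bilateral keys before going further up the tree.
        hits = [depth[t] for s, t in cross_certs if s == zone and t in depth]
        if hits:
            landing = min(hits) + 1        # include the cross-signed zone
        elif zone in depth:
            landing = depth[zone]          # common ancestor: turn around here
        else:
            climbed.append(zone)
            continue
        path = climbed + [zone] + dst_chain[:landing][::-1]
        return [z for z in path if z not in (src, dst)]
    raise AssertionError("unreachable: the root is an ancestor of every zone")


if __name__ == "__main__":
    cross = {("FORD.COM", "TOYOTA.COM")}   # constructed cross certificate
    for a, b, cc in [
        ("ENTERPRISE.NAVY.MIL", "SARATOGA.NAVY.MIL", set()),
        ("ENTERPRISE.NAVY.MIL", "TIGERS.ARMY.MIL", set()),
        ("FORD.COM", "TOYOTA.COM", set()),
        ("FORD.COM", "TOYOTA.COM", cross),
        ("ENGINES.FORD.COM", "SALES.TOYOTA.COM", cross),
        ("FORD.COM", "ENTERPRISE.NAVY.MIL", set()),
    ]:
        print(f"{a} -> {b}: trust {trust_path(a, b, cc) or 'nobody else'}")
```

A `.` in the result means the chain passes through the root key; the last case shows that this happens only when the two names share no ancestor below the root and no cross certificate applies.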
