[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Design] Re: opportunistic encryption deployment problems

To: ipsec@lists.tislabs.com, design@lists.freeswan.org
Subject: Re: [Design] Re: opportunistic encryption deployment problems
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Wed, 05 Sep 2001 13:06:44 -0400
In-reply-to: Your message of "Tue, 04 Sep 2001 19:18:31 +0200." <Pine.BSO.4.33.0109041915370.15752-100000@fonbella.crt.se>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Jakob" == Jakob Schlyter <jakob@crt.se> writes:
    Jakob> On Fri, 31 Aug 2001, Michael Richardson wrote:

    >> In the meantime, we can publish lists of secure zones with contact
    >> information and do PGP-like web-of-trust stuff.

    Jakob> you can not do PGP-like web-of-trust within DNSsec as all signatures needs
    Jakob> to be strictly hierarchical. 

  Yes, that is true.
  But, if one assumes that one has a forest rather than a tree, then one can
do web-of-trust like things on the "root" keys. Whether one does this with
PGP signatures or using DNSsec signatures is a different question.

    Jakob> or do you mean distributing lists of secure
    Jakob> zones together with their public keys using PGP?

  So, the answer is "yes"

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

Re: [Design] Re: opportunistic encryption deployment problems

From: Jakob Schlyter <jakob@crt.se>

Prev by Date: Re: inbound vs outbound?
Next by Date: RE: network partitions and DPD
Prev by thread: Re: [Design] Re: opportunistic encryption deployment problems
Next by thread: Re: IKEv2 stuff.. Re: More MODP Diffie-Hellman groups for IKE
Index(es):
- Main
- Thread