To: dnssec@cafax.se
From: Randy Bush <randy@psg.com>
Date: Mon, 30 Apr 2001 09:49:52 +0200
Delivery-Date: Tue May 1 10:47:50 2001
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?
i have been told that i need to be more explicit. so ... nerd logic:

o this ssh key issue is bogus. a host has multiple ssh keys already, and is probably associated with more than one keyable security protocol.

o what we have is a generic problem: how to go securely from a secured lookup in the dns to a wide set of secure APPLICATIONS on hosts.

o instead of hacking each one into the dns, what we need is a securable reference from the dns to external secured application services.

o i.e. a naptr-like lookup which yields not only a reference to a service but also the security glue for trusting that service.

o e.g. a naptr record for a secure ldap server which has ssh keys and other glorp for one or more hosts. and that naptr record would have the public key of the ldap server so the move from dns to ldap would be secured.

randy