

To: dnssec@cafax.se
From: Randy Bush <randy@psg.com>
Date: Mon, 30 Apr 2001 09:49:52 +0200
Delivery-Date: Tue May 1 10:47:50 2001
Sender: owner-dnssec@cafax.se
Subject: Re: Keys at apex problem - New PUBKEY RR?

i have been told that i need to be more explicit.  so ...

nerd logic:
  o this ssh key issue is bogus.  a host has multiple ssh keys already, and
    is probably associated with more than one keyable security protocol.
  o what we have is a generic problem, how to go securely from a secured
    lookup in the dns to a wide set of secure APPLICATIONS on hosts.
  o instead of hacking each one into the dns, what we need is a securable
    reference from the dns to external secured application services
  o i.e. a naptr-like lookup which yields not only a reference to a service
    but also the security glue for trusting that service
  o e.g. a naptr record for a secure ldap server which has ssh keys and
    other glorp for one or more hosts.  and that naptr record would have
    the public key of the ldap server so the move from dns to ldap would
    be secured.

randy
