To: Rodney Thayer <rodney@tillerman.to>
Cc: keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 13 Dec 2001 11:57:51 -0500
Delivery-Date: Thu Dec 13 17:58:11 2001
In-Reply-To: Rodney Thayer's message of "Thu, 13 Dec 2001 09:47:48 -0700"
Sender: owner-keydist@cafax.se
Subject: Re: hello!

Hi, Rodney,

Indeed, we're trying to come up with requirements for various
applications.

My strawman proposal is that:

- a DNS key-storage record will store keys
- applications can design their own policy/configuration-storage records
  to store application policy/configuration information

But there are still a lot of open questions. For example, can we
use a single, subtyped "generic application key/certificate storage
RR type" and use LHS names to differentiate the key-usage types?
Alternatively, we can split various key formats into different
RR types (raw keys, X.509 certs, PGP keys, SPKI certs, etc)...
Or we can even do a combination of them all.

But stepping back from all this, can we come up with a set of
requirements for key storage (in general)?

-derek

Rodney Thayer <rodney@tillerman.to> writes:
> Hello there. I'm Rodney Thayer, I am interested in participating
> in the discussion of storing SSH keys in DNS. I am a security
> architect/implementor/crypto plumber -- I'm currently working on
> Secure DNS things but I've also recently worked on public key
> applications, such as SSH (and legacy things like PKIX certificates)
>
> So... I believe the topic here is what are the requirements for
> storing SSH keys in DNS. Is that correct?
> (I'll take silence as a yes and simply keep babbling into the
> microphone here...)
>
> P.s. I'm also a co-author on the SSH key format draft.
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available