To: Rodney Thayer <rodney@tillerman.to>
Cc: keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 13 Dec 2001 11:57:51 -0500
Delivery-Date: Thu Dec 13 17:58:11 2001
In-Reply-To: Rodney Thayer's message of "Thu, 13 Dec 2001 09:47:48 -0700"
Sender: owner-keydist@cafax.se
Subject: Re: hello!

Hi, Rodney,

Indeed, we're trying to come up with requirements for various
applications. My strawman proposal is that:

- a DNS key-storage record will store keys
- applications can design their own policy/configuration-storage
  records to store application policy/configuration information

But there are still a lot of open questions. For example, can we use
a single, subtyped "generic application key/certificate storage RR
type" and use LHS names to differentiate the key-usage types.
Alternatively, we can split various key formats into different RR
types (raw keys, x.509 certs, pgp keys, spki certs, etc)... Or we can
even do a combination of them all.

But stepping back from all this, can we come up with a set of
requirements for key storage (in general)?

-derek

Rodney Thayer <rodney@tillerman.to> writes:

> Hello there. I'm Rodney Thayer, I am interested in participating
> in the discussion of storing SSH keys in DNS. I am a security
> architect/implementor/crypto plumber -- I'm currently working on
> Secure DNS things but I've also recently worked on public key
> applications, such as SSH (and legacy things like PKIX certificates)
>
> So... I believe the topic here is what are the requirements for
> storing SSH keys in DNS. Is that correct?
> (I'll take silence as a yes and simply keep babbling into the
> microphone here...)
>
> P.s. I'm also a co-author on the SSH key format draft.
>

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available