

To: <keydist@cafax.se>
From: Simon Josefsson <simon+keydist@josefsson.org>
Date: Wed, 19 Dec 2001 16:36:26 +0100 (CET)
Delivery-Date: Wed Dec 19 16:36:29 2001
Sender: owner-keydist@cafax.se
Subject: FYI: Another application example

Hello list,

Another interesting possible future usage of public keys in DNS.  Similar
to the opportunistic IPSEC draft recently, this also needs other
information than just the public key -- AS number and/or network addresses
related to the key.

http://www.ietf.org/internet-drafts/draft-murphy-bgp-secr-04.txt

Something like the following, perhaps?

10.in-addr.arpa.	IN	KEY	<<AS 4711, public key X>>
4711.as.arpa.		IN	KEY	<<Networks: 10/24, ... public key Y>>

This would connect AS 4711 with a public key and the networks the AS
"owns", and a network 10/24 with an AS and the public key.

Of course, creating "as.arpa" is perhaps not easy.  Perhaps it is 
sufficient to add a (signed) BGP path attribute that points to the 
hostname used, then no changes to DNS (administratively or protocol-wise)
would be required.
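
A sketch of how a verifier could use the two-way binding described in the message above, as an added example that is not part of the original post: an announced prefix and origin AS are accepted only when the network record and the AS record point at each other. The dictionary layout, the reading of "10/24" as 10.0.0.0/24, AS 64512 and the function names are assumptions, and the records are taken to be already authenticated.

```python
import ipaddress

# Constructed stand-ins for the two record types sketched in the message.
# Field layout is an assumption; "10/24" is read here as 10.0.0.0/24.
NET_RECORDS = {"10.0.0.0/24": {"asn": 4711, "key": "X"}}
AS_RECORDS = {
    4711: {"networks": ["10.0.0.0/24"], "key": "Y"},
    64512: {"networks": ["10.0.0.0/24"], "key": "Z"},  # one-sided claim
}


def covering_network(prefix, candidates):
    """Return the most specific candidate network containing prefix, or None."""
    nets = [ipaddress.ip_network(c) for c in candidates]
    nets = [n for n in nets if n.version == prefix.version and prefix.subnet_of(n)]
    return max(nets, key=lambda n: n.prefixlen, default=None)


def check_origin(prefix, origin_asn, net_records=NET_RECORDS, as_records=AS_RECORDS):
    """Accept an announced (prefix, origin AS) only if both records agree.

    More-specific prefixes inside a listed network are accepted here;
    that is a policy choice of this example, not something the message states.
    """
    prefix = ipaddress.ip_network(prefix)
    net = covering_network(prefix, net_records)
    if net is None:
        return False, "no network record covers the prefix"
    if net_records[str(net)]["asn"] != origin_asn:
        return False, "network record names a different AS"
    as_rec = as_records.get(origin_asn)
    if as_rec is None or covering_network(prefix, as_rec["networks"]) is None:
        return False, "AS record does not list the network"
    return True, "network and AS records agree"


if __name__ == "__main__":
    for pfx, asn in [("10.0.0.0/24", 4711), ("10.0.0.0/24", 64512),
                     ("192.0.2.0/24", 4711)]:
        print(pfx, asn, check_origin(pfx, asn))
```

The AS 64512 entry shows why both directions matter: an AS record that merely claims a network is rejected because the network's own record names AS 4711.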

