To: <keydist@cafax.se>
From: Simon Josefsson <simon+keydist@josefsson.org>
Date: Wed, 19 Dec 2001 16:36:26 +0100 (CET)
Delivery-Date: Wed Dec 19 16:36:29 2001
Sender: owner-keydist@cafax.se
Subject: FYI: Another application example

Hello list,

Another interesting possible future usage of public keys in DNS. Similar to the opportunistic IPSEC draft recently, this also needs other information than just the public key -- AS number and/or network addresses related to the key.

http://www.ietf.org/internet-drafts/draft-murphy-bgp-secr-04.txt

Something like the following, perhaps?

    10.in-addr.arpa.  IN KEY <<AS 4711, public key X>>
    4711.as.arpa.     IN KEY <<Networks: 10/24, ... public key Y>>

This would connect AS 4711 with a public key and the networks the AS "owns", and a network 10/24 with an AS and the public key.

Of course, creating "as.arpa" is perhaps not easy. Perhaps it is sufficient to add a (signed) BGP path attribute that points to the hostname used, then no changes to DNS (administratively or protocol wise) would be required.