To: David Conrad <david.conrad@nominum.com>
Cc: Edward Lewis <lewis@tislabs.com>, Key Distribution <keydist@cafax.se>
From: Randy Bush <randy@psg.com>
Date: Fri, 28 Dec 2001 00:10:00 -0800
Delivery-Date: Fri Dec 28 09:10:04 2001
Sender: owner-keydist@cafax.se
Subject: Re: What are we trying to do?

>>> My opinion is that we are trying to provide a common means for
>>> applications to distribute public keys amongst elements scattered
>>> across the (inter)network.
>> a noble and useful goal. in the ietf, this is usually in the security
>> area.
> So, to be clear, do you feel that the advantages the existing DNS provide
> in terms of scalability, cachability, reliability, redundancy, etc. have
> insignificant value in the context of public key distribution or do you
> feel it is better to reinvent an architecture that will provide those
> attributes (and if so, why)?

i am not a pki expert, so, unlike some, will refrain from judgement. let's see your license and registration.

notice that the pki folk from security have not asked us to store keys in the dns for a while. and the hard core security folk i listen to have yet to make clear to me what path they want to take. when they do so in a formal way, then we might have some basis to discuss this. otherwise we have hackola solutions looking for a problem.

imiho, pki is a job that starts in the security area, not we who have spent six+ years fumbling at designing and deploying somewhat secure dns, and have yet to succeed. maybe we should do that well, before having the hubris to take on everyone else's job.

randy