To: Steve Hanna <steve.hanna@sun.com>
Cc: Greg Hudson <ghudson@MIT.EDU>, Simon Josefsson <simon+keydist@josefsson.org>, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 04 Jan 2002 14:06:06 -0500
Delivery-Date: Fri Jan 4 20:16:36 2002
In-Reply-To: Steve Hanna's message of "Fri, 04 Jan 2002 13:12:19 -0500"
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...

Steve Hanna <steve.hanna@sun.com> writes:

> I agree that having many trusted roots is not good. I'm not
> arguing for that. I'm arguing that users should have the ability
> to choose their own trust anchors and not be forced into using
> a single global trusted root. Many users won't care and they'll
> use whatever comes with their software. But users who do care
> should be able to choose. I'm surprised to see you arguing against
> that.

Some applications may not provide for external anchors and may depend
on DNSSec. That's fine, and if you have a problem with that you
should discuss it with the application developers. Other applications
may not have this limitation, and that's fine, too.

You seem to be arguing that storing raw keys in the DNS such that
applications that use those raw keys MUST depend on DNSSec is a Bad
Idea. I maintain that that is an application decision, and the fact
that DNSSec provides this service is a Good Thing, because otherwise
there would be no scalable, global distribution channel for these keys.

[ssh example snipped]

> Understood. That makes sense, if we decide to use DNS and DNSSEC
> for key distribution.

I think that DNSSec is only a potential key distribution method. It is
not the only one, and I don't think it ever would be the only one.
The question is: should it be one in the first place? I maintain that
yes, it should, because there are some applications for which it is
the Right Thing.

Is it the right thing for all applications? Hell, no! But shouldn't
we at least do the Right Thing for those (maybe few?) applications
for which it is?

> > > There's no need for everyone to share the same trusted anchor. People
> >
> > People already have to share the same trusted anchor for DNS
> > information...
>
> But the security of IKE and SSL and S/MIME doesn't depend on the
> DNS giving correct answers. Using certificates frees them from the
> dependency on a single global trusted root.

There is no reason that SSL should be using DNS at all. However, if
we already had DNSSec then SSL certs _WOULDN'T_ be necessary. The
primary function of SSL Certs is to bind a DNS Name to a host. DNSSec
would provide that functionality, which implies that SSL could use a
raw key provided through DNSSec and you would get in essence the same
functionality. The only difference is that this method would not have
the same ability to decide which root to choose.

> -Steve

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA    N1NWH
       warlord@MIT.EDU                     PGP key available