

To: Steve Hanna <steve.hanna@sun.com>
Cc: Greg Hudson <ghudson@MIT.EDU>, Simon Josefsson <simon+keydist@josefsson.org>, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 04 Jan 2002 14:06:06 -0500
Delivery-Date: Fri Jan 4 20:16:36 2002
In-Reply-To: Steve Hanna's message of "Fri, 04 Jan 2002 13:12:19 -0500"
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...

Steve Hanna <steve.hanna@sun.com> writes:

> I agree that having many trusted roots is not good. I'm not
> arguing for that. I'm arguing that users should have the ability
> to choose their own trust anchors and not be forced into using
> a single global trusted root. Many users won't care and they'll
> use whatever comes with their software. But users who do care
> should be able to choose. I'm surprised to see you arguing against
> that.

Some applications may not provide for external anchors and may
depend on DNSSec.  That's fine, and if you have a problem with
that you should discuss it with the application developers.  Other
applications may not have this limitation, and that's fine, too.

You seem to be arguing that storing raw keys in the DNS such that
applications that use those raw keys MUST depend on DNSSec is a Bad
Idea.  I maintain that that is an application decision, and the fact
that DNSSec provides this service is a Good Thing, because otherwise
there would be no scalable, global distribution channel for these keys.

[ssh example snipped]

> Understood. That makes sense, if we decide to use DNS and DNSSEC
> for key distribution.

I think that DNSSec is only one potential key distribution method.  It
is not the only one, and I don't think it ever would be the only one.
The question is: should it be one in the first place?  I maintain
that yes, it should, because there are some applications for which
it is the Right Thing.  Is it the right thing for all applications?
Hell, no!  But shouldn't we at least do the Right Thing for those
(maybe few?) applications for which it is?

> > > There's no need for everyone to share the same trusted anchor. People
> > 
> > People already have to share the same trusted anchor for DNS
> > information...
> 
> But the security of IKE and SSL and S/MIME doesn't depend on the
> DNS giving correct answers. Using certificates frees them from the
> dependency on a single global trusted root.

There is no reason that SSL should be using DNS at all.  However, if
we already had DNSSec then SSL certs _WOULDN'T_ be necessary.  The
primary function of SSL Certs is to bind a DNS Name to a host.  DNSSec
would provide that functionality, which implies that SSL could use a
raw key provided through DNSSec and you would get in essence the same
functionality.  The only difference is that this method would not have
the same ability to decide which root to choose.

> -Steve

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
