To: Keith Moore <moore@cs.utk.edu>
Cc: Ted.Hardie@nominum.com, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 09 Jan 2002 15:23:06 -0500
In-Reply-To: Keith Moore's message of "Wed, 09 Jan 2002 15:18:25 -0500"
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...

Keith Moore <moore@cs.utk.edu> writes:

> > DNSSec provides the origin authentication (and integrity protection)
> > of the blobs.
>
> DNSSEC might provide *one* means of authenticating the origin and
> integrity of such blobs - and only if DNS is used to distribute

DNSSec works even if you don't know what the blob means.

> the blobs (and it seems like a poor mechanism to me). The blobs
> could also provide their own means of verifying authentication and
> integrity, and the key distribution mechanism could provide its own
> means of doing so independent of DNSSEC.

This discussion started with "whether and how to distribute keying
information in DNS". You may think that DNS is not the right place to
distribute keys, and for some application I would agree with you.
However, there are other applications for which DNS is IMHO the
absolute correct place to distribute keys (e.g. IPsec and SSH host
keys).

> Keith

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available