KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: keydist@cafax.se
cc: moore@cs.utk.edu
From: Keith Moore <moore@cs.utk.edu>
Date: Wed, 09 Jan 2002 15:38:03 -0500
Sender: owner-keydist@cafax.se
Subject: RESCAP/RC: an alternative to key distribution using DNS

Since people seem to be interested in using DNS to distribute keying
material, I thought I'd suggest a (somewhat) concrete alternative.

The RESCAP working group is working on the design of a protocol to
be used to allow the lookup of meta-information that is associated
with resource identifiers such as URIs.  The Resource Catalog (RC)
protocol is being considered for this protocol.

Basically RC assumes that there is some well-defined process for
mapping a URI to one or more servers that can perform the lookup.
The server is probably identified using a a NAPTR/SRV lookup mechanism
similar to that defined in RFC 2168 and RFC 2915.  (in particular,
NAPTR allows this process to be adaptable to the variety of URI
syntaxes in use).

The RC protocol itself is specifically designed to allow the client
to request named metadata that are associated with a resource name.
Arbitrary sets of metadata can be requested, and the kinds of metadata
that can be associated with a resource name are arbitrarily extensible
without changes to the RC servers.  The RC protocol provides its own
mechanisms for signing arbitrary sets of metadata without constraining
the signature formats that can be used.  Both the metadata and the
signatures are opaque to the RC server.

Distribution of key material is one of many applications for which RC
was designed.  But especially since I'm not a security expert, it's
entirely possible that there is some aspect of RC's design that
is deficient for this purpose.  I'd very much appreciate comments
from this group on the suitability of RC for this application.

The relevant documents are:

draft-ietf-rescap-rc-00.txt - RC protocol
draft-ietf-rescap-blob-00.txt - presentation layer used by RC PDUs

These documents are of course works in progress, and several aspects
of the RC protocol (notably authentication for queries and updates)
have not yet been defined.

The rescap WG mailing list is at rescap[-REQUEST]@cs.utk.edu .

Keith

Follow-Ups:
- Re: RESCAP/RC: an alternative to key distribution using DNS
  - From: Greg Hudson <ghudson@MIT.EDU>
- Re: RESCAP/RC: an alternative to key distribution using DNS
  - From: Simon Josefsson <simon+keydist@josefsson.org>

Prev by Date: Re: From whence we came...
Next by Date: BOUNCE keydist@cafax.se: Non-member submission from [Keith Moore<moore@cs.utk.edu>] (fwd)
Prev by thread: Re: Definitions of keys and certs
Next by thread: Re: RESCAP/RC: an alternative to key distribution using DNS
Index(es):
- Date
- Thread

Home | Date list | Subject list