

To: Derek Atkins <warlord@MIT.EDU>
cc: Ted.Hardie@nominum.com, Keith Moore <moore@cs.utk.edu>, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Keith Moore <moore@cs.utk.edu>
Date: Wed, 09 Jan 2002 15:18:25 -0500
In-reply-to: Your message of "09 Jan 2002 15:09:25 EST." <sjmelkznv62.fsf@indiana.mit.edu>
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...

> > I think this is a valid point.  The way I wrap that in my head is:
> >
> > DNSSEC helps you to know that the materials you got from the wallet
> > were the materials that the owner put in there.
>
> What this means is that any key distribution mechanism needs to
> support any random key-data formats.

agreed.

> DNSSec provides the origin authentication (and integrity protection)
> of the blobs.

DNSSEC might provide *one* means of authenticating the origin and
integrity of such blobs - and only if DNS is used to distribute
the blobs (and it seems like a poor mechanism to me).   The blobs
could also provide their own means of verifying authentication and
integrity, and the key distribution mechanism could provide its own
means of doing so independent of DNSSEC.

Keith


