To: Edward Lewis <lewis@tislabs.com>
Cc: keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 10 Jan 2002 16:18:41 -0500
In-Reply-To: Edward Lewis's message of "Thu, 10 Jan 2002 16:06:25 -0500"
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

Ahh.

To me, I define "application keys" to mean "keys used by
non-DNS code." Notice I left out the word "application"
here. Perhaps we should call them "non-DNS code keys"?

Seriously, ipsec _is_ an application. (bind is an application, too).
The point of the exercise is to come up with other applications,
infrastructure, systems, what-have-you that need keying information
and to see whether DNS can provide that keying information in a
reasonable manner. Perhaps not all applications, infrastructure,
systems, what-have-you can use a DNS-based key distribution
infrastructure, but some (like ipsec and ssh) certainly could.

Really, the question is, "what is a name"? Perhaps ipsec is not
considered an application to most people (I would argue that SSH -IS-
considered an application, even if it's part of core infrastructure).

The term "application key" was used to distinguish from a "DNSSec KEY"
used to sign DNS records. If you can come up with another term that
can (or should) be used instead, please suggest one.

I certainly believe that ipsec and ssh count as users of this
technology, whatever it happens to be called.

-derek

Edward Lewis <lewis@tislabs.com> writes:
> At 3:57 PM -0500 1/10/02, Derek Atkins wrote:
> >Edward Lewis <lewis@tislabs.com> writes:
> >
> >> (As was pointed out, IPsec isn't an application.)
> >
> >Where was this pointed out? Did I miss some message somewhere?
>
> http://www.cafax.se/keydist/maillist/2002-01/msg00006.html
>
> Referring to:
> #At 11:18 AM -0500 1/3/02, Michael Richardson wrote:
> #> Finally, this discussion about "application" keys is somewhat silly.
> #>
> #> In the case of IPsec and SSH we do not believe that they are applications
> #>to anyone other than the DNS folks. Many operations people consider these
> #>protocols to be *infrastructure*. If the fundamental security protocols do
> #>not work, then the Internet does not work.
>
> There are already 160+ messages floating on the list in less than a month.
> How can any one be missed. ;) -- Spoken as one who is drowning in
> duplicate copies...
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis NAI Labs
> Phone: +1 443-259-2352 Email: lewis@tislabs.com
>
> Opinions expressed are property of my evil twin, not my employer.
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available