To: Edward Lewis <lewis@tislabs.com>
Cc: keydist@cafax.se
From: Derek Atkins <warlord@MIT.EDU>
Date: 10 Jan 2002 16:18:41 -0500
In-Reply-To: Edward Lewis's message of "Thu, 10 Jan 2002 16:06:25 -0500"
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

Ahh. To me, I define "application keys" to mean "keys used by non-DNS code." Notice I left out the word "application" here. Perhaps we should call them "non-DNS code keys"? Seriously, ipsec _is_ an application. (bind is an application, too).

The point of the exercise is to come up with other applications, infrastructure, systems, what-have-you that need keying information and to see whether DNS can provide that keying information in a reasonable manner. Perhaps not all applications, infrastructure, systems, what-have-you can use a DNS-based key distribution infrastructure, but some (like ipsec and ssh) certainly could.

Really, the question is, "what is a name"? Perhaps ipsec is not considered an application to most people (I would argue that SSH -IS- considered an application, even if it's part of core infrastructure). The term "application key" was used to distinguish from a "DNSSec KEY" used to sign DNS records. If you can come up with another term that can (or should) be used instead, please suggest one. I certainly believe that ipsec and ssh count as users of this technology, whatever it happens to be called.

-derek

Edward Lewis <lewis@tislabs.com> writes:

> At 3:57 PM -0500 1/10/02, Derek Atkins wrote:
> >Edward Lewis <lewis@tislabs.com> writes:
> >
> >> (As was pointed out, IPsec isn't an application.)
> >
> >Where was this pointed out? Did I miss some message somewhere?
>
> http://www.cafax.se/keydist/maillist/2002-01/msg00006.html
>
> Referring to:
> #At 11:18 AM -0500 1/3/02, Michael Richardson wrote:
> #> Finally, this discussion about "application" keys is somewhat silly.
> #>
> #> In the case of IPsec and SSH we do not believe that they are applications
> #>to anyone other than the DNS folks. Many operations people consider these
> #>protocols to be *infrastructure*. If the fundamental security protocols do
> #>not work, then the Internet does not work.
>
> There are already 160+ messages floating on the list in less than a month.
> How can any one be missed. ;) -- Spoken as one who is drowning in
> duplicate copies...
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis NAI Labs
> Phone: +1 443-259-2352 Email: lewis@tislabs.com
>
> Opinions expressed are property of my evil twin, not my employer.
>
>

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available