To: Keith Moore <moore@cs.utk.edu>
cc: <keydist@cafax.se>
From: Greg Hudson <ghudson@MIT.EDU>
Date: Thu, 10 Jan 2002 20:09:31 -0500 (EST)
In-Reply-To: <200201101425.g0AEPti01660@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
Subject: Re: RESCAP/RC: an alternative to key distribution using DNS

On Thu, 10 Jan 2002, Keith Moore wrote:
> seems quite reasonable to me, with the possible exception of shoehorning
> a key fingerprint onto NAPTR.  But you can certainly store material in
> RESCAP which allows it to be securely tied to DNSSEC.

I'm a little leery of this approach; it means that the same private key
has to be used to sign both DNS and non-DNS data.  Maybe that's okay, but
it sounds like a violation of

(There are, of course, other in-DNS approaches besides shoehorning a key
fingerprint into NAPTR; for example, we could define a key-fingerprint RR
type analogous to the KEY RR type.)
