

To: keydist@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 15 Jan 2002 16:48:26 -0500
In-reply-to: Your message of "Mon, 14 Jan 2002 14:55:04 +0100." <Pine.LNX.4.33.0201141439480.22829-100000@slipsten.extundo.com>
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Simon" == Simon Josefsson <simon+keydist@josefsson.org> writes:
    Simon> I agree.  I found five minutes and put together the text below.  I
    Simon> probably missed half of what has been discussed here, and I can't write
    Simon> English, and it isn't even in IETF draft format.  But at least it wastes
    Simon> bandwidth. ;-)

  "this message is not warranted for any purpose. It is not even guaranteed to
waste bandwidth, as you might use gzip" :-)


    Simon> 		Notes on Application Key Distribution

  Thank you. If you like, I could wrap this up into xml (for xml2rfc) and
send it back to you. (I'm not volunteering to maintain it)

    Simon> Requirements on a Solution

    Simon>   "MUST be possible to locate application keys given only IP address
    Simon>   or hostname"

    Simon>   "MUST be possible to secure locating and retrieval of the key"

    Simon>   Interpretation: Either via DNSSEC, TSIG, or referral from DNS with a
    Simon>   key fingerprint in DNS similar to WPKI [14], CMS [7], TLS [15] or
    Simon>   something completely different.

    Simon>   "SHOULD be efficient"

    Simon>   Interpretation: UDP would be an advantage.

  There is a leap of logic here. 
  The reply should be small making UDP possible.
  The problems of sub-typing must be examined here (vs differing record names).
The CRL size problem might in fact be solved by asking for some record, e.g.
    keyid.revoked.dom.ain.     The lack of a record indicates no revocation.

  CRLs are otherwise just far too big to fit into DNS.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPESjqIqHRg3pndX9AQHL/QP/dSwEluhnUhaP6So6xH9lsOBrp2e+gdge
h0mOJNJeWzSIFtu4IvUMXrBQO33WTemWRT4cj8jPZXZ3GU5ahci0HNWgEo31heYf
HA0pN1ZUciYCw6fEo0jtz1zD60s9Pj81eG+UeQYPSSvN0QU8U8Z/aKHFl1LEwz/V
/NDynqWUv1A=
=FmL+
-----END PGP SIGNATURE-----
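The two points Michael raises above (a small reply that fits in a UDP datagram, and a revocation check done by looking up keyid.revoked.dom.ain and treating absence as "not revoked") can be put into code. The following is an added example, not code from the keydist list or from either author; it assumes a key-id convention (truncated SHA-256 of the public key), a stub resolver with constructed zone data so it runs offline, and that a denial of existence only counts when it is authenticated (DNSSEC-validated or TSIG-protected, as the requirement "MUST be possible to secure locating and retrieval" asks for). Without that last check, a dropped or forged reply would make every revoked key look valid again.

```python
"""Revocation lookup via a per-key DNS name, as sketched in the message.

Added example, not the list's or the authors' code. Assumptions:
  - key id = first 16 hex chars of SHA-256(public key)  (constructed convention)
  - record owner name = <keyid>.revoked.<domain>.        (from the message)
  - a stub resolver with constructed data replaces real DNS queries
"""
import hashlib
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    REVOKED = "revoked"
    NOT_REVOKED = "not revoked"
    UNKNOWN = "unknown"        # no answer we are entitled to trust


@dataclass(frozen=True)
class Answer:
    rcode: str                 # "NOERROR" or "NXDOMAIN"
    rdata: tuple               # rdata of any records returned
    authenticated: bool        # DNSSEC-validated (AD bit) or TSIG-verified reply


def key_id(public_key: bytes) -> str:
    """Assumed convention; the message only says 'keyid'."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def revocation_name(public_key: bytes, domain: str) -> str:
    """Owner name to query: <keyid>.revoked.<domain>."""
    return f"{key_id(public_key)}.revoked.{domain.strip('.')}."


# Constructed sample data standing in for real zones.
KEY_A = b"constructed public key A"      # will be listed as revoked
KEY_B = b"constructed public key B"      # never revoked
SIGNED_ZONES = {"example.com.": True,    # signed: NXDOMAIN comes with NSEC proof
                "example.org.": False}   # unsigned: absence cannot be proven
REVOKED_RECORDS = {
    revocation_name(KEY_A, "example.com"): ("revoked 2002-01-15",),
}


def stub_resolve(qname: str, records=REVOKED_RECORDS, signed=SIGNED_ZONES) -> Answer:
    """Stand-in for a DNS query: answer from the constructed zone data."""
    zone = qname.split(".", 2)[2]            # drop the <keyid> and 'revoked' labels
    is_signed = signed.get(zone, False)
    if qname in records:
        return Answer("NOERROR", tuple(records[qname]), is_signed)
    return Answer("NXDOMAIN", (), is_signed)


def revocation_status(answer: Answer, require_auth: bool = True) -> Status:
    """Absence means 'not revoked' only when the denial itself is authenticated."""
    if require_auth and not answer.authenticated:
        return Status.UNKNOWN
    if answer.rcode == "NOERROR" and answer.rdata:
        return Status.REVOKED
    if answer.rcode == "NXDOMAIN":
        return Status.NOT_REVOKED
    return Status.UNKNOWN


def check_key(public_key: bytes, domain: str, require_auth: bool = True) -> Status:
    """End-to-end: build the name, look it up, interpret the reply."""
    return revocation_status(stub_resolve(revocation_name(public_key, domain)), require_auth)


def response_wire_size(qname: str, rdata_len: int) -> int:
    """Approximate DNS wire size of a reply carrying one record:
    12-byte header + question + answer RR with a compressed owner name."""
    name_len = sum(1 + len(label) for label in qname.rstrip(".").split(".")) + 1
    question = name_len + 4                  # QTYPE + QCLASS
    answer = 2 + 10 + rdata_len              # name pointer, TYPE/CLASS/TTL/RDLENGTH, RDATA
    return 12 + question + answer


def fits_classic_udp(qname: str, rdata_len: int) -> bool:
    """True if the reply fits the classic 512-byte DNS/UDP payload limit."""
    return response_wire_size(qname, rdata_len) <= 512


if __name__ == "__main__":
    for key, dom in ((KEY_A, "example.com"), (KEY_B, "example.com"), (KEY_B, "example.org")):
        print(revocation_name(key, dom), "->", check_key(key, dom).value)
    name = revocation_name(KEY_A, "example.com")
    print("one small record fits UDP:", fits_classic_udp(name, 20))
    print("a 4 KB CRL-sized rdata fits UDP:", fits_classic_udp(name, 4000))
```

The interesting case is the unsigned zone: the stub returns NXDOMAIN there too, but the client reports UNKNOWN rather than NOT_REVOKED, because an unauthenticated "no such record" is exactly the reply an attacker on the path would produce. The size helper shows the other half of the argument: a single small record comes in well under 512 bytes, while anything CRL-sized does not.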
