To: keydist@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 15 Jan 2002 16:48:26 -0500
In-reply-to: Your message of "Mon, 14 Jan 2002 14:55:04 +0100." <Pine.LNX.4.33.0201141439480.22829-100000@slipsten.extundo.com>
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

>>>>> "Simon" == Simon Josefsson <simon+keydist@josefsson.org> writes:
Simon> I agree. I found five minutes and put together the text below. I
Simon> probably missed half of what has been discussed here, and I can't write
Simon> English, and it isn't even in IETF draft format. But at least it wastes
Simon> bandwidth. ;-)

"this message is not warranted for any purpose. It is not even guaranteed
to waste bandwidth, as you might use gzip" :-)

Simon> Notes on Application Key Distribution

Thank you. If you like, I could wrap this up into xml (for xml2rfc) and
send it back to you. (I'm not volunteering to maintain it)

Simon> Requirements on a Solution

Simon> "MUST be possible to locate application keys given only IP address
Simon> or hostname"

Simon> "MUST be possible to secure locating and retrieval of the key"

Simon> Interpretation: Either via DNSSEC, TSIG, or referral from DNS with a
Simon> key fingerprint in DNS similar to WPKI [14], CMS [7], TLS [15] or
Simon> something completely different.

Simon> "SHOULD be efficient"

Simon> Interpretation: UDP would be an advantage.

There is a leap of logic here. The reply should be small, making UDP possible.

The problems of sub-typing must be examined here (vs differing record names).

The CRL size problem might in fact be solved by asking for some record,
e.g. keyid.revoked.dom.ain. The lack of a record indicates no revocation.
CRLs are otherwise just far too big to fit into DNS.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
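
Added illustration, not part of the original message or of any draft discussed on the list: a sketch of the per-key revocation lookup suggested above (query keyid.revoked.dom.ain, treat absence as "not revoked"), showing that the query fits easily in a UDP datagram and that absence is only trusted when the denial is authenticated. The TXT query type, the use of the AD bit from a validating resolver reached over a trusted path, and the constructed sample headers are all assumptions.

```python
import struct

MAX_UDP = 512  # classic DNS-over-UDP message limit (no EDNS0)

def revocation_qname(key_id: str, domain: str) -> str:
    """Name to query: <keyid>.revoked.<domain>, following the message's example."""
    label = key_id.lower()
    if not (label.isascii() and label.isalnum() and len(label) <= 63):
        raise ValueError("key id must be a single alphanumeric DNS label")
    return f"{label}.revoked.{domain.rstrip('.')}."

def encode_query(qname: str, qtype: int = 16, txid: int = 0x1234) -> bytes:
    """Wire-format query with RD set. qtype 16 (TXT) is an assumption."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response: bytes, require_ad: bool = True) -> str:
    """Map a DNS response header to revoked / not-revoked / indeterminate."""
    if not 12 <= len(response) <= MAX_UDP:
        return "indeterminate"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000 or flags & 0x0200:   # not a response, or truncated
        return "indeterminate"
    rcode, ad = flags & 0x000F, bool(flags & 0x0020)
    if rcode == 0 and ancount > 0:
        return "revoked"                       # a record exists: fail closed
    # NODATA (rcode 0) or NXDOMAIN (rcode 3): absence means "not revoked",
    # but an unauthenticated denial can be forged, so require AD by default.
    if rcode in (0, 3) and (ad or not require_ad):
        return "not-revoked"
    return "indeterminate"                     # SERVFAIL, unsigned denial, ...

def sample_header(flags: int, ancount: int) -> bytes:
    """Constructed 12-byte response header used as sample input."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    name = revocation_qname("0A1B2C3D", "dom.ain")
    print(name, len(encode_query(name)), "bytes")
    for flags, an in [(0x81A3, 0), (0x8183, 0), (0x8180, 1), (0x8182, 0)]:
        print(hex(flags), classify(sample_header(flags, an)))
```

A caller should treat "indeterminate" as a reason to retry or refuse the key rather than as "not revoked".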