

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
cc: keydist@cafax.se
From: Keith Moore <moore@cs.utk.edu>
Date: Tue, 15 Jan 2002 21:11:52 -0500
In-reply-to: Your message of "Tue, 15 Jan 2002 17:14:33 EST." <200201152214.g0FMEXh01982@marajade.sandelman.ottawa.on.ca>
Sender: owner-keydist@cafax.se
Subject: Re: looking for draft volunteers

>   I'm not certain that DNS based systems are going to be useful for anything
> other than the casual use mechanism. In my experience the lack of casual use
> of encryption is what makes non-casual use so hard to do - people aren't used
> to doing things at all and the software is never ready.

hmmm.  but that's also the reason that people are pushing for a casual use 
mechanism - because that way, people (users) don't have to do anything at all!

of course, you don't get much in the way of useful security from that.

>     Keith> OTOH, if we design a framework that allows multiple degrees of
>     Keith> trust, and multiple paths for establishing trust, the same products
>     Keith> that provide a casual level of security for things authenticated
>     Keith> solely by DNS, can also provide a higher level of security for
>     Keith> things authenticated by more trustworthy means.
> 
>   So, I agree strongly with you here.
> 
>   But, I'm not clear if the more trustworthy means are necessarily related in
> any way to DNS. 

two things:

1. The "security for no effort" argument is what will drive deployment
of this technology.  And if the only way it can verify a key is by 
blindly following a chain of keys from the DNS root key, it will be 
worse than useless.  But if the technology also provides other 
mechanisms with which to validate keys, and it allows users to invest 
different degrees of trust in different keys depending on how those
keys were validated, then it would be a significant benefit to have it 
deployed.  

In other words, we can use the belief in "security for no effort" 
(even if this is a delusion) to get a very useful technology deployed.

2. As for the relationship between the "more trustworthy means" and DNS:
It really would be useful for organization FOO.COM to be able to 
configure its computers to trust FOO.COM's "root" key for FOO company 
business.  This would allow them to establish trustworthiness for 
keys from all sub-domains of FOO.COM merely by configuring the trust
for a single key in each of their machines.

Keith
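
The framework described in points 1 and 2, sketched as an added example that is not part of the original message or of any keydist draft: a key gets the highest trust level that any of its validation paths supports, and a locally configured FOO.COM anchor covers every sub-domain of FOO.COM. The trust levels, zone names and key ids are constructed for illustration, and signature checking on each chain link is assumed to have been done already.

```python
from enum import IntEnum

class Trust(IntEnum):
    NONE = 0      # no validation path succeeded
    CASUAL = 1    # chain of keys followed from the DNS root key only
    ORG = 2       # chain reaches an anchor the organization configured locally
    VERIFIED = 3  # key checked out of band and pinned by the user

# Constructed local configuration; zone names and key ids are hypothetical.
ANCHORS = {
    ".": ("root-ksk", Trust.CASUAL),
    "foo.com.": ("foo-com-root", Trust.ORG),
}
PINNED = {("mail.bar.org.", "bar-mail-key"): Trust.VERIFIED}

def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def covers(zone, name):
    """True if name is the zone itself or a sub-domain of it (label boundary)."""
    zone, name = normalize(zone), normalize(name)
    return zone == "." or name == zone or name.endswith("." + zone)

def evaluate(name, key_id, chain):
    """Return the highest trust any validation path gives key_id for name.

    chain lists (zone, signer_key_id) pairs from the key's own zone up to the
    root; each signature is assumed to have been verified already.
    """
    name = normalize(name)
    best = PINNED.get((name, key_id), Trust.NONE)
    for zone, signer in chain:
        if not covers(zone, name):
            break  # a signer outside the name's ancestry ends the chain
        anchor = ANCHORS.get(normalize(zone))
        if anchor and anchor[0] == signer:
            best = max(best, anchor[1])
    return best
```

The label-boundary test in `covers` is what keeps a name such as `evilfoo.com` from inheriting the trust configured for `foo.com`.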
