To: RJ Atkinson <rja@extremenetworks.com>
Cc: keydist@cafax.se
From: Randy Bush <randy@psg.com>
Date: Tue, 26 Mar 2002 11:53:50 -0800
Sender: owner-keydist@cafax.se
Subject: Re: My take on the BoF session
>>> Example: inet.org could use its own key to sign DNS records
>>> under inet.org and could distribute the authentication key
>>> for inet.org's records via out-of-band/non-DNS methods.

>> this seems a fantastic improvement over inet.org distributing the
>> ssh keys themselves via oob.

> Sarcasm noted, but it actually would be a big improvement.
> I'll assume that the scaling benefit wasn't obvious and
> add more detail below.
>
> Instead of having to use OOB methods to distribute a large
> number of keys (some of which change relatively frequently)
> to a large number of correspondents (which approach is O[n * m]
> complexity), one can distribute *1* authentication key
> (which would not change often at all) to the same number of
> correspondents (which approach is O[m] complexity).

oh, like sending a cert for my ldap server which serves psg.com's pgp,
ssh, and sushi cabinet keys, as well as the whois data for users,
subdomains, address space, ...?

randy
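The one-anchor model the quoted text argues for, as an added example that is not part of this thread or any participant's code: a zone owner signs a constructed set of host-key records with a single long-lived key, and a correspondent holding only the zone's public key (assumed to have been obtained once out of band) verifies the whole set fetched over an untrusted channel. The record type, names and key strings are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"strings"
)

// HostKeyRecord stands in for a DNS record carrying an SSH host key.
// Constructed, hypothetical format; not a real DNS RR type.
type HostKeyRecord struct {
	Name string // owner name, e.g. "a.inet.org"
	Key  string // the host's SSH public key, treated as opaque text
}

// canonical serialises the record set in a fixed order so signer and
// verifier agree on the bytes regardless of how the set was assembled.
func canonical(recs []HostKeyRecord) []byte {
	sorted := append([]HostKeyRecord(nil), recs...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	var b strings.Builder
	for _, r := range sorted {
		fmt.Fprintf(&b, "%s %s\n", r.Name, r.Key)
	}
	return []byte(b.String())
}

// SignZone is the zone owner's step: one long-lived key signs the whole
// record set, however many host keys it holds or how often they rotate.
func SignZone(priv ed25519.PrivateKey, recs []HostKeyRecord) []byte {
	return ed25519.Sign(priv, canonical(recs))
}

// VerifyZone is the correspondent's step: it holds only the zone's public
// key (the single item distributed out of band). Any change to any record fails.
func VerifyZone(anchor ed25519.PublicKey, recs []HostKeyRecord, sig []byte) bool {
	return ed25519.Verify(anchor, canonical(recs), sig)
}

func main() {
	anchor, priv, _ := ed25519.GenerateKey(rand.Reader) // anchor: the one OOB key
	recs := []HostKeyRecord{{"a.inet.org", "ssh-ed25519 constructedKeyA"}, {"b.inet.org", "ssh-ed25519 constructedKeyB"}}
	sig := SignZone(priv, recs)
	fmt.Println("genuine set verifies:", VerifyZone(anchor, recs, sig))
	recs[1].Key = "ssh-ed25519 constructedKeyX" // a record modified after signing
	fmt.Println("altered set verifies:", VerifyZone(anchor, recs, sig))
}
```

Rotating any host key only means re-signing and republishing the set; the anchor the correspondents hold does not change.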