

To: RJ Atkinson <rja@extremenetworks.com>
Cc: keydist@cafax.se
From: Randy Bush <randy@psg.com>
Date: Tue, 26 Mar 2002 11:53:50 -0800
Sender: owner-keydist@cafax.se
Subject: Re: My take on the BoF session

>>> Example:  inet.org could use its own key to sign DNS records
>>> 	    under inet.org and could distribute the authentication key
>>> 	    for inet.org's records via out-of-band/non-DNS methods.
>> this seems a fantastic improvement over inet.org distributing the
>> ssh keys themselves via oob.
> Sarcasm noted, but it actually would be a big improvement.
> I'll assume that the scaling benefit wasn't obvious and
> add more detail below.
> 
> Instead of having to use OOB methods to distribute a large
> number of keys (some of which change relatively frequently)
> to a large number of correspondents (which approach is O[n * m]
> complexity), one can distribute *1* authentication key
> (which would not change often at all) to the same number of
> correspondents (which approach is O[m] complexity).

oh, like sending a cert for my ldap server which serves psg.com's
pgp, ssh, and sushi cabinet keys, as well as the whois data for
users, subdomains, address space, ...?

randy
