To:
"James Seng" <jseng@pobox.org.sg>
Cc:
<keydist@cafax.se>, "Edward Lewis" <lewis@tislabs.com>
From:
Edward Lewis <lewis@tislabs.com>
Date:
Thu, 28 Mar 2002 10:14:51 -0500
In-Reply-To:
<006b01c1d5fb$a0f76540$dd00a8c0@jamessonyviao>
Sender:
owner-keydist@cafax.se
Subject:
Re: Leveraging trust
At 8:55 PM -0500 3/27/02, James Seng wrote: >I know we are still divided on the issue of trust model, whether it is in >scope or not. I think that the trust model has become in scope, and is probably the central issue. >The difficulty of discussion trust model for keys distribution, especially >using DNS, is that it is build on one and only one model - hierarchy. >Hierarachy, single root, is the only model we know that scale in Internet, >we should not ignore that there are other model which also works in large >scale (See phone numbers). I just replied to Keith's message with some questions abotu hierarchy. I would think, though, that telephone numbers are also a form of a hierarchy - at least as the numbering plan in the US is laid out. (I am not doubting that other jurisdictions may have other plans, I am just not aware of them.) In the US we have four parts of the address (counting country code), each roughly geographically based. The addresses do overlap and neighboring regions are not numbered sequentially. So, did I miss the point about telephone numbers not being hierarchical. >I believe we should look at DNS as just another key distribution mechanism. >The goal here is how to distribute keys over DNS "securely". Here, I define >"securely" as only data integrity. And we have to limit the applications of >these keys, specifying where it would be useful (e.g. SSH, IPSEC) and where >it is not (e.g. wire transfer). From the comments at the SAAG meeting by Schiller, it seems like DNS is central to our problem domain and solution. However, I am open to hearing about alternatives. I just don't know what else is out there at this time. I do agree that SSH/IPsec applications are better candidates. >The authentication of the keys and the trust model to do that key >verification is another aspect of the bigger problem someone have to solve. >Someone could be someone else, not neccessary us. Or it could be tackle when >we finish the first goal. However, to squeeze these two topic together is >getting no where. I think that it would be up to the application domain to make sure the key is the "right" one. >Lets get our priority correct and then proceed one step at a time. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NAI Labs Phone: +1 443-259-2352 Email: lewis@tislabs.com Opinions expressed are property of my evil twin, not my employer.