To:
Derek Atkins <derek@ihtfp.com>
cc:
David Conrad <david.conrad@nominum.com>, Key Distribution <keydist@cafax.se>
From:
Eric Rescorla <ekr@rtfm.com>
Date:
Wed, 12 Jun 2002 09:58:18 -0700
In-reply-to:
Your message of "12 Jun 2002 12:49:21 EDT." <sjmvg8o5tny.fsf@kikki.mit.edu>
Sender:
owner-keydist@cafax.se
Subject:
Re: Global PKI on DNS?
> Eric Rescorla <ekr@rtfm.com> writes: > > > > > Nearly all of the major IETF security protocols (TLS, IPsec, OpenPGP) > > > > already have their own certificate discovery mechanism > > > > > > More specifically, as far as I can tell (and, of course, I'm not a "card > > > carrying credentialed security person", so I shouldn't speak out of turn, > > > but...), none of the myriad existing key distribution mechanisms have been > > > deployed on anything like a significant scale. > > > > Huh? You must have somehow missed the millions of SSL sites on the net. > > I am a "card carrying credentialed security person", so let me pipe > in. ;) I don't remember seeing your card. > Eirc, SSL != (TLS, IPsec, OpenPGP). I'll buy that SSL == TLS, but > that wasn't the original question. IPsec, OpenPGP, and S/MIME all > have the key distribution problem. You may argue that IPsec can solve > the problem the same way that SSL/TLS does by each endpoint sending > its signed cert to the peer, however that presupposes a global PKI > (which really doesn't exist) in order to have arbitrary communication. > Just look at the trouble the FreeS/WAN people have had with their > opportunistic encryption. Let's take a step back here: The message I was responding to was just suggesting shoving X.509 certs into the DNS. I don't think that's of much value. This is a different question from whether some parallel DNS-based PKI would be of value. > > In any case, I'm not sure what you mean by "key distribution > > mechanisms". The protocols in question typically have a way for one > > peer to give the other their certificate. This is vastly easier > > than trying to insert a certificate into some DNS server. > > No, they don't. Many protocols ignore the question of how certs are > obtained, they just assume they exist and are distributed "somehow." > For exmaple, if I want to send you a PGP message (or S/MIME message) I > need to have your cert before I contact you. All of the interactive protocols have their own mechanisms. AS I said, the screw cases are the store and forward encryption protocols, i.e. S/MIME and PGP. PGP at least has it's own certificate distribution mechanism (in fact, more than one). I don't have any basic objection to using DNS as a certificate distribution system for S/MIME, but I also don't think it's that important or valuable. People can't even be bothered to get certificates now, let alone arrange for their admin to cram them in the DNS. -Ekr