

To: Richard Shockey <rshockey@ix.netcom.com>
Cc: Greg Hudson <ghudson@MIT.EDU>, keydist@cafax.se, smb@research.att.com, jis@MIT.EDU
From: David Terrell <dbt@meat.net>
Date: Thu, 3 Oct 2002 20:25:49 -0700
Content-Disposition: inline
In-Reply-To: <5.1.0.14.2.20021003220917.01f9a5e8@popd.ix.netcom.com>
Reply-To: David Terrell <dbt@meat.net>
Sender: owner-keydist@cafax.se
User-Agent: Mutt/1.4i
Subject: Re: I intend to have a document ready for Atlanta on this subject.

On Thu, Oct 03, 2002 at 10:45:15PM -0400, Richard Shockey wrote:
> understood.. but I submit it is still a bad idea for no other reasons than 
> the UDP vs TCP issue and that N applications may need different keys 
> referenced against a single globally unique input string...aka FQDN or SMTP 
> address or similar URI addresses such as SIP.

The size issue is solved by EDNS0, see RFC 3226.

> There may be one key derived from mailto:richard@shockey.us and another 
> from sip:richard@shockey.us . The opportunistic PKI infrastructure must be 
> flexible enough to accommodate both and NAPTR records do that by allowing 
> the ABNF syntax for the NAPTR service field to be defined by and listing 
> the application protocol the application supports.
> as an example..

Ugh, NAPTR.

An email signature key for richard@shockey.us would be a different 
keytype from SIP; they would be used in different contexts.  SIP is
a pretty good candidate for using IPsec, for example, whereas email
isn't because it goes through so many intermediate systems.  Email 
key types already exist (PGP, S/MIME), so shoehorning them into 
the same RDATA format with HTTPS keys seems no good.

-- 
David Terrell           | "We must go forward, not backwards; upwards,
Nebcorp Prime Minister  | not forwards; and always twirling, twirling,
dbt@meat.net            | twirling towards freedom!"
http://wwn.nebcorp.com/ |  - The Simpsons

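The two wire-level mechanisms the message refers to, the EDNS0 OPT pseudo-RR that lifts the 512-byte UDP limit and the NAPTR RDATA whose SERVICES field lets one owner name carry per-application records, are shown below in an added Python example that is not part of the thread or of any proposal discussed in it. It encodes and decodes both formats from their RFC definitions (RFC 3403 for NAPTR, RFC 2671/6891 for OPT; the 1220-octet minimum is RFC 3226's) and then filters a constructed set of NAPTR records by service string. The service values "E2U+sip" and "E2U+email" and the hostnames are constructed sample data; a service tag for a key-lookup application, as Shockey describes, is not defined anywhere on this page and is not assumed here.

```python
import struct

# ---- NAPTR RDATA, RFC 3403 section 4.1 --------------------------------------
# ORDER(16) | PREFERENCE(16) | FLAGS <char-string> | SERVICES <char-string> |
# REGEXP <char-string> | REPLACEMENT <domain-name, never compressed>

def encode_char_string(s: str) -> bytes:
    """DNS <character-string>: one length octet, then at most 255 octets."""
    raw = s.encode("ascii")
    if len(raw) > 255:
        raise ValueError("character-string longer than 255 octets")
    return bytes([len(raw)]) + raw


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format name: length-prefixed labels plus a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_naptr_rdata(order, preference, flags, service, regexp, replacement):
    return (struct.pack("!HH", order, preference)
            + encode_char_string(flags) + encode_char_string(service)
            + encode_char_string(regexp) + encode_name(replacement))


def _read_char_string(data, off):
    n = data[off]
    off += 1
    if off + n > len(data):
        raise ValueError("truncated character-string")
    return data[off:off + n].decode("ascii"), off + n


def _read_name(data, off):
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # RFC 3403: REPLACEMENT must not use compression pointers
            raise ValueError("compression pointer in NAPTR replacement")
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return (".".join(labels) + "." if labels else "."), off


def decode_naptr_rdata(data):
    order, preference = struct.unpack("!HH", data[:4])
    flags, off = _read_char_string(data, 4)
    service, off = _read_char_string(data, off)
    regexp, off = _read_char_string(data, off)
    replacement, off = _read_name(data, off)
    if off != len(data):
        raise ValueError("trailing octets after NAPTR RDATA")
    return {"order": order, "preference": preference, "flags": flags,
            "service": service, "regexp": regexp, "replacement": replacement}


def select_by_service(rdatas, wanted_service):
    """Decode a set of NAPTR RDATAs and keep those whose SERVICES field matches
    (case-insensitively, per RFC 3403), sorted the way a client must try them:
    ascending ORDER, then ascending PREFERENCE."""
    recs = [decode_naptr_rdata(r) for r in rdatas]
    recs = [r for r in recs if r["service"].lower() == wanted_service.lower()]
    return sorted(recs, key=lambda r: (r["order"], r["preference"]))


# ---- EDNS0 OPT pseudo-RR, RFC 2671 (now RFC 6891) ---------------------------
# NAME = root (0x00) | TYPE = 41 | CLASS = sender's UDP payload size |
# TTL = extended RCODE(8) | VERSION(8) | DO bit + Z(16) | RDLEN | options
OPT_TYPE = 41
DO_BIT = 0x8000
RFC3226_MIN_PAYLOAD = 1220  # DNSSEC-aware parties MUST accept at least this


def encode_opt_rr(udp_payload_size=4096, dnssec_ok=False) -> bytes:
    if not 512 <= udp_payload_size <= 65535:
        raise ValueError("payload size out of range")
    flags = DO_BIT if dnssec_ok else 0
    return b"\x00" + struct.pack("!HHBBHH", OPT_TYPE, udp_payload_size, 0, 0, flags, 0)


def decode_opt_rr(data: bytes):
    if data[0] != 0:
        raise ValueError("OPT NAME must be the root")
    rtype, payload, ext_rcode, version, flags, rdlen = struct.unpack("!HHBBHH", data[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    return {"udp_payload_size": payload, "ext_rcode": ext_rcode, "version": version,
            "dnssec_ok": bool(flags & DO_BIT), "rdlen": rdlen,
            "meets_rfc3226": payload >= RFC3226_MIN_PAYLOAD}


if __name__ == "__main__":
    # Constructed records: one owner name, two application services.
    zone = [encode_naptr_rdata(100, 10, "s", "E2U+sip", "", "_sip._udp.example.com."),
            encode_naptr_rdata(100, 20, "s", "E2U+email", "", "mail.example.com.")]
    print(select_by_service(zone, "e2u+sip"))
    print(decode_opt_rr(encode_opt_rr(4096, dnssec_ok=True)))
```

The OPT record's CLASS field is what advertises the larger buffer; a server that sees no OPT RR in the query must still fit its answer in 512 bytes or set TC, which is the size problem the message says EDNS0 removes. Note that `select_by_service` sorts by ORDER then PREFERENCE so a caller tries the records in the sequence RFC 3403 prescribes, rather than in zone order.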