To:
Ólafur Guðmundsson <ogud@ogud.com>
Cc:
Simon Josefsson <simon+dnssec@josefsson.org>, Ólafur Guðmundsson <ogud@ogud.com>, Jakob Schlyter <jakob@crt.se>, <dnssec@cafax.se>
From:
Derek Atkins <warlord@MIT.EDU>
Date:
06 Sep 2001 21:15:51 -0400
In-Reply-To:
Ólafur Guðmundsson's message of "Thu, 06 Sep 2001 17:44:02 -0400"
Sender:
owner-dnssec@cafax.se
Subject:
Re: Certificates and public keys
Ólafur Guðmundsson <ogud@ogud.com> writes:
> *thinking out loud* Maybe we should fix this problem by creating a
> collection of key record types, DHKEY, RSAMD5KEY, DSAKEY, RSASHA1KEY, ECCKEY
> and have applications either ask for a particular record type or a meta
> record type that gives you all.
*shudders at the thought* How HORRIBLE a concept!!! So as new
algorithms (both encryption and hash) come along, we need to use up
precious DNS type-space for them? Considering the key-space in many
of the security algorithms is at least 8 bits and many times even
greater than that, are you willing to leave the same amount of space
available in DNS? How much type-space is there?
> If we are going to do this let's try to get as much right as possible.
> We have plenty of type codes to burn.
Do we? Seriously, are you willing to give up, say, 8-bits of type
space for different key/hash/etc. security algorithms? How about 16
bits of space?
> Olafur
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available