Re: IPSEC goes to RFC
[email protected] (Stephen D. Williams) wrote:
> I really like the idea of using DNS for (public I assume) keys...
I don't.
Public keys in the DNS is a bad idea because it makes it difficult to
update the database, especially in large organizations. When a host's
key is issued or changed then they would have to get the nameserver
admin to change it for them. This could become a major problem/inconvenience
for many, many people. The host should be able to give its own key in
response to a query. That key could, of course, be signed by any number of
trusted signatories to guarantee authenticity.