
DNS key distribution/keyservers




A while ago, Peter Trei <[email protected]> said:

>Don Eastlake has actually done a draft RFC on
>using the DNS for key distribution.
>
>It may be found at 
>
>ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt
[snip]

I'm sure everyone agrees that a 5 meg keyfile is a bit big, but has anyone
considered working on the QUALITY of the keyfile instead of making it easier
to retrieve QUANTITIES of keys? I.e.: What about creating one big web of
trust out of current keys? Or maybe allowing keys only if they have some
connection to some other key previously submitted, or simultaneously
submitted.

Currently, having one big keyfile creates the impression that keys
distributed over a keyserver are more valid. In a sense they are, but only
because someone who's being spoofed could learn of the key that is
supposedly theirs.

However, there's really no reason to trust a key as anything but a nym
unless it's signed by someone in _your_ web of trust. I believe that
modifying keyservers to accept only keys that are linked to currently
known keys would encourage everyone to become part of that web of trust.
After all, the public key of a nym can be obtained from the nym themselves.

Anybody have any thoughts on this?

Don

<[email protected]>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don     or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
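The admission rule proposed in the post (accept a submitted key only if it is certified by a key the server already holds, or by another key in the same submission that is itself accepted) and the "trust only through your own web" check, as an added worked example that is not part of the original post. Key IDs and certifications are constructed placeholders; the example assumes every listed signature has already been cryptographically verified.

```python
from collections import deque

# Constructed sample data, not from the post: key IDs are placeholders and
# every listed certification is assumed to have passed signature verification.
KNOWN_KEYS = {"0xA1", "0xB2"}          # keys the keyserver already holds
BATCH = {                              # submitted key -> IDs of the keys that signed it
    "0xC3": ["0xA1", "0xC3"],          # signed by a known key: accepted
    "0xD4": ["0xC3"],                  # signed only by 0xC3, sent in the same batch: accepted
    "0xE5": ["0xE5"],                  # self-signed only, a bare nym: rejected
    "0xF6": ["0x99"],                  # signer known to neither server nor batch: rejected
}

def admit(known, batch):
    """Split a batch into (accepted, rejected) under the linked-key rule:
    a key is accepted only if certified by a key the server already holds or
    by another key of the same batch that is itself accepted."""
    signed_by = {}                                 # signer -> batch keys it certified
    for key, signers in batch.items():
        for s in signers:
            if s != key:                           # a self-signature vouches for nothing
                signed_by.setdefault(s, []).append(key)
    accepted, queue = set(), deque(known)
    while queue:                                   # flood outward from the known keys
        signer = queue.popleft()
        for key in signed_by.get(signer, ()):
            if key not in accepted:
                accepted.add(key)
                queue.append(key)                  # an accepted key may vouch for others
    return accepted, set(batch) - accepted

def trust_path(my_key, target, certs, max_hops=3):
    """Shortest certification chain from my_key to target, or None if there is
    no chain of at most max_hops signatures (bounding depth keeps a long chain
    of strangers from counting as trust)."""
    adj = {}
    for signer, signed in certs:                   # certs: (signer, signed) pairs
        adj.setdefault(signer, []).append(signed)
    queue = deque([[my_key]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 < max_hops:
            for nxt in adj.get(path[-1], ()):
                if nxt not in path:
                    queue.append(path + [nxt])
    return None
```

A key that only certifies itself, or is certified only by keys the server has never seen, stays a bare nym and is turned away; a connected group submitted together is admitted as a unit.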