[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why pgp sucks

To: Derek Atkins <[email protected]>
Subject: Re: why pgp sucks
From: "Perry E. Metzger" <[email protected]>
Date: Sat, 11 Feb 1995 08:31:21 -0500
Cc: [email protected]
In-Reply-To: Your message of "Fri, 10 Feb 1995 22:21:04 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Derek Atkins says:
> The only problem with piggybacking off the current DNS implementation
> is that DNS was designed for SMALL pieces of data (read: hostnames and
> IP addresses).  PGP keys are HUGE pieces of data, in respect, and DNS
> just wont handle the sizes.  For example, my PGP key is about 8k of
> data (approximately).  DNS would never be able to handle that!

Well, its already been modified to do it. Read the drafts by Eastlake
and Kaufman on DNS security, which basically means keys in the DNS and
signed DNS records.

> It its bigger than a single UDP packet DNS has trouble.

So you use TCP -- DNS already supports that. In any case, however, the
reassembly size and lowest common denominator MTUs are being jacked
way up for IPv6.

> No, while DNS is a perfect model for a distributed keyserver,
> it is by no means the implementation infrastructure that we want
> to use.

I very strongly disagree. Even today, we find more and more bugs in
DNS. If we had to start from scratch, we'd have to build an
infrastructure like DNS all over again, only to find that we suffer
from all the same old bugs and end up with a parallel implementation
that looks almost exactly like DNS only less reliable.

Perry

References:
- Re: why pgp sucks
  - From: Derek Atkins <[email protected]>

Prev by Date: automatic reply to test posting (lwall)
Next by Date: Privacy vs. Ubiquitous Video: NetCam; Wearable WebCam, etc
Prev by thread: Re: why pgp sucks
Next by thread: Re: why pgp sucks
Index(es):
- Date
- Thread