[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC goes to RFC



Don Eastlake has actually done a draft RFC on
using the DNS for key distribution.

It may be found at 

ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt

He briefed the W3C security working group about
this recently, and a number of people raised objections, notably

* database bloat
* zone transfer bloat
* increased hits on root servers due to a new class of inquiry.

There was some discussion as to whether these were valid objections,
and the people running prototype code said they had had no problems.


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
[email protected]