1994-06-17 - Re: swipe working on infinity.c2.org

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: cypherpunks@toad.com
Message Hash: 3c77cea20b57b0241b86408930127914ac3a1376d73efbef24a51d84da0f13af
Message ID: <9406171443.AA02156@snark.imsi.com>
Reply To: <9406171537.aa02661@salmon.maths.tcd.ie>
UTC Datetime: 1994-06-17 14:43:59 UTC
Raw Date: Fri, 17 Jun 94 07:43:59 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Fri, 17 Jun 94 07:43:59 PDT
To: cypherpunks@toad.com
Subject: Re: swipe working on infinity.c2.org
In-Reply-To: <9406171537.aa02661@salmon.maths.tcd.ie>
Message-ID: <9406171443.AA02156@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain

Alastair McKinstry says:
> What do yo see as the problem with this (PGP keys) ? What kind of
> key management architecture would you recommend ?

Well, as I said, just as one example, its too hard to reverse map key
IDs into the entities that possess the keys. I'm thinking these days
in terms of building an infrastructure in which a large fraction of
the net can run "in black", which means you need good automated key
management. To do that, you need distributed databases. Databases like
DNS work very nicely for this purpose. Now, DNS can reverse map IP
addresses because IP addresses are structured so it is possible to
assume that if you have delegation over a set of them that you likely
have the forward maps as well. However, you can't build something like
that to handle random PGP key IDs. That means that if you want to be
able to look up key IDs automatically in a network wide DNS style
database, you lose. Key IDs need structure so you can trace them to
organizations with delegation over particular sections of the
keyspace, just as in DNS you have structure to domain names so you can
figure out who has delegation over what part of the domain name space.

Anyway, this is the sort of thing I'm thinking about these days.