1995-08-11 - Re: IPSEC goes to RFC

Header Data

From: ghio@cmu.edu (Matthew Ghio)
To: cypherpunks@toad.com
Message Hash: 27def2fb47cbbeb006aa646034da6814fa5767194f14f23997ee814af20712c1
Message ID: <m0sgj9W-000wP1C@myriad>
Reply To: <199508101452.KAA24637@panix4.panix.com>
UTC Datetime: 1995-08-11 01:56:33 UTC
Raw Date: Thu, 10 Aug 95 18:56:33 PDT

Raw message

From: ghio@cmu.edu (Matthew Ghio)
Date: Thu, 10 Aug 95 18:56:33 PDT
To: cypherpunks@toad.com
Subject: Re: IPSEC goes to RFC
In-Reply-To: <199508101452.KAA24637@panix4.panix.com>
Message-ID: <m0sgj9W-000wP1C@myriad>
MIME-Version: 1.0
Content-Type: text/plain


sdw@lig.net (Stephen D. Williams) wrote:

> I really like the idea of using DNS for (public I assume) keys...

I don't.

Public keys in the DNS is a bad idea because it makes it difficult to
update the database, especially in large organizations.  When a host's
key is issued or changed then they would have to get the nameserver
admin to change it for them.  This could become a major problem/
inconvenience for many, many people.  The host should be able to give
its own key in response to a query.  That key could, of course, be
signed by any number of trusted signators to guarantee authenticity.





Thread