From: "Peter Trei" <trei>
Date: Fri, 11 Aug 95 06:51:35 PDT
To: cypherpunks@toad.com
Subject: Re: IPSEC goes to RFC
Message-ID: <9508111351.AA04381@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Eastlake has actually done a draft RFC on
using the DNS for key distribution.

It may be found at 

ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt

He briefed the W3C security working group about
this recently, and a number of people raised objections, notably

* database bloat
* zone transfer bloat
* increased hits on root servers due to a new class of inquiry.

There was some discussion as to whether these were valid objections,
and the people running prototype code said they had had no problems.


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
trei@process.com