From: Nesta Stubbs <nesta@wwa.com>
To: cypherpunks@toad.com
Message Hash: 63248e8bc867180c00f088988222949fff28d3705d52ab148c5443d6d81a033e
Message ID: <Pine.BSD.3.91.950811001051.1066E-100000@miso.wwa.com>
Reply To: <m0sgj9W-000wP1C@myriad>
UTC Datetime: 1995-08-11 05:14:00 UTC
Raw Date: Thu, 10 Aug 95 22:14:00 PDT
Subject: Re: IPSEC goes to RFC
In-Reply-To: <m0sgj9W-000wP1C@myriad>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 10 Aug 1995, Matthew Ghio wrote:
> sdw@lig.net (Stephen D. Williams) wrote:
>
> > I really like the idea of using DNS for (public I assume) keys...
>
> I don't.
>
> Public keys in the DNS is a bad idea because it makes it difficult to
> update the database, especially in large organizations. When a host's
> key is issued or changed then they would have to get the nameserver
> admin to change it for them. This could become a major problem/
> inconvenience for many, many people. The host should be able to give
> its own key in response to a query. That key could, of course, be
> signed by any number of trusted signators to guarantee authenticity.
>
There are some other problems too, I believe. I have worked for a decent
sized network that did all user authentication at the terminal servers for
dial-in accounts through DNS. This wasn't too bad for just passwords and
stuff, but wouldn't this cause some bloat in the nameserver's database?
As well as cause problems security-wise when it comes to updates. Would
these automatically not be cached in any form by the site making the
request? This also causes a problem for smaller-time people who perhaps
have a PPP/SLIP connection 24/7 but have nameservice done by their provider,
and I for sure don't want my provider to be in control of those keys.
Nesta Stubbs "under the streamlined chrome shell, you'd
Cynico Network Consulting find the same victorian mechanism." WG
nesta@wwa.com
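The two points raised in this exchange (a host answering a key query with its own key, endorsed by signers the querier chooses to trust, and the staleness that resolver caching introduces when that key is rotated) are small enough to put in working code. What follows is an added example written for this archive page; it is not code from the thread, from any cypherpunks participant, or from any DNS or IPSEC implementation. The record format, the host name "miso.example", the signer names, and the 3600-second TTL are all assumptions made up for the illustration. Ed25519 from Go's standard library stands in for whatever signature scheme a real deployment would use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// HostKey is the record a host returns when asked for its own public key
// (illustrative format, not any standard). Serial is bumped on every
// rotation; Endorsements are signatures from third parties the querier
// may or may not trust; TTL is how long a resolver may cache the answer.
type HostKey struct {
	Host         string
	Serial       uint64
	PublicKey    ed25519.PublicKey
	TTL          int64
	Endorsements map[string][]byte // signer name -> signature over canonical()
}

// TrustedSigners is the querier's own choice of signers, not the host's.
type TrustedSigners map[string]ed25519.PublicKey

// canonical is the byte string signers endorse: host, serial and key, so an
// endorsement of serial 1 cannot be replayed onto a rotated key.
func (k *HostKey) canonical() []byte {
	b := append([]byte(k.Host), 0)
	var ser [8]byte
	binary.BigEndian.PutUint64(ser[:], k.Serial)
	b = append(b, ser[:]...)
	return append(b, k.PublicKey...)
}

// NewKeyPair generates an Ed25519 key pair, usable for a host or a signer.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewHostKey builds an unendorsed record.
func NewHostKey(host string, serial uint64, pub ed25519.PublicKey, ttl int64) *HostKey {
	return &HostKey{Host: host, Serial: serial, PublicKey: pub, TTL: ttl,
		Endorsements: map[string][]byte{}}
}

// Endorse adds signer's signature to the record; the host can collect any
// number of these without involving a nameserver admin.
func Endorse(k *HostKey, signer string, priv ed25519.PrivateKey) {
	k.Endorsements[signer] = ed25519.Sign(priv, k.canonical())
}

// Verify accepts the record if at least quorum endorsements verify under
// keys in the querier's trusted set. Endorsements from unknown signers
// are ignored rather than counted.
func Verify(k *HostKey, trusted TrustedSigners, quorum int) error {
	msg := k.canonical()
	valid := 0
	for name, sig := range k.Endorsements {
		if pub, ok := trusted[name]; ok && ed25519.Verify(pub, msg, sig) {
			valid++
		}
	}
	if valid < quorum {
		return fmt.Errorf("%s: %d valid endorsement(s), need %d", k.Host, valid, quorum)
	}
	return nil
}

// Resolver caches answers per host until TTL expiry, like a DNS cache.
// The clock (unix seconds) is passed in so the staleness window is visible.
type Resolver struct {
	cache  map[string]*HostKey
	expiry map[string]int64
}

func NewResolver() *Resolver {
	return &Resolver{cache: map[string]*HostKey{}, expiry: map[string]int64{}}
}

// Lookup serves the cached record while fresh, otherwise asks the host
// (fetch) and caches that answer for TTL seconds.
func (r *Resolver) Lookup(host string, now int64, fetch func() *HostKey) *HostKey {
	if k, ok := r.cache[host]; ok && now < r.expiry[host] {
		return k
	}
	k := fetch()
	r.cache[host] = k
	r.expiry[host] = now + k.TTL
	return k
}

func main() {
	hostPub, _ := NewKeyPair()
	sigPub, sigPriv := NewKeyPair()
	trusted := TrustedSigners{"signer-a": sigPub}

	current := NewHostKey("miso.example", 1, hostPub, 3600)
	Endorse(current, "signer-a", sigPriv)
	r := NewResolver()
	serve := func() *HostKey { return current }
	fmt.Println("serial at t=0:   ", r.Lookup("miso.example", 0, serve).Serial)

	// The host rotates its key; the resolver keeps handing out serial 1,
	// and that stale record still verifies, until the TTL runs out.
	newPub, _ := NewKeyPair()
	current = NewHostKey("miso.example", 2, newPub, 3600)
	Endorse(current, "signer-a", sigPriv)
	stale := r.Lookup("miso.example", 1800, serve)
	fmt.Println("serial at t=1800:", stale.Serial, "still verifies:", Verify(stale, trusted, 1) == nil)
	fmt.Println("serial at t=3600:", r.Lookup("miso.example", 3600, serve).Serial)
}
```

The last three lines of main are the caching objection in miniature: an endorsement never expires on its own, so a cache that honours a long TTL will keep a rotated-away key both available and valid-looking for the rest of that window. Shortening the TTL, bumping the serial and re-querying the host directly are the knobs a deployment has; the host and the querier control all of them, the provider's nameserver none.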