1995-08-12 - Re: IPSEC goes to RFC

Header Data

From: “Perry E. Metzger” <perry@panix.com>
To: trei@process.com
Message Hash: cfd52d88ff22f4084d847aaef4926e3d1048bef1a576fc0850cb43053b0ed0cf
Message ID: <199508121234.IAA03887@panix4.panix.com>
Reply To: <9508111351.AA04381@toad.com>
UTC Datetime: 1995-08-12 12:35:08 UTC
Raw Date: Sat, 12 Aug 95 05:35:08 PDT

Raw message

From: "Perry E. Metzger" <perry@panix.com>
Date: Sat, 12 Aug 95 05:35:08 PDT
To: trei@process.com
Subject: Re: IPSEC goes to RFC
In-Reply-To: <9508111351.AA04381@toad.com>
Message-ID: <199508121234.IAA03887@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> Don Eastlake has actually done a draft RFC on
> using the DNS for key distribution.

It's more than a draft -- at this point it is very clearly standards
track. Note that the document in question only covers security for the
DNS itself, but the side effect is that you've built all the
mechanisms you need for general key distribution. Don is now working
on the certificate formats.

> It may be found at 
> 
> ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt
> 
> He briefed the W3C security working group about
> this recently, and a number of people raised objections, notably
> 
> * database bloat
> * zone transfer bloat
> * increased hits on root servers due to a new class of inquiry.

As I've noted, given the actual in-field experience of Hesiod, I'm not
in the least worried.

.pm




