Re: [cks-devl] Re: cks
From: David Shaw
Subject: Re: [cks-devl] Re: cks
Date: Fri, 14 Jun 2002 14:24:52 -0400
User-agent: Mutt/1.5.1i

On Fri, Jun 14, 2002 at 08:08:26PM +0200, Simon Josefsson wrote:
> V Alex Brennen <address@hidden> writes:
>
> > On Fri, 14 Jun 2002, Simon Josefsson wrote:
> >
> >> Would you accept patches that implement OpenPGP key distribution via
> >> DNS? What do you think of this approach? I haven't looked at CKS,
> >> but I'm thinking about writing some of this at some point in time.
> >
> > What do you mean via DNS? You mean locking each node down to a
> > specific TLD and referring request through them?
>
> That, but also a kind of DNS "hosting" of OpenPGP keys.
>
> Consider e.g. finding key of user id 0x5C980097 by looking up
> (0x5C980097.keyserver.cryptnet.net, IN, CERT). One benefit from this
> is that by simply adding NS's for that DNS zone, you get server
> fail-over without clients having to enter more than the
> "keyserver.cryptnet.net" string. Clients also often select the
> closest server by measuring RTTs so you get better response times and
> better server loads.
... and you can use DNS UPDATE to add signatures :)
Simon, can you point me to any examples of this sort of DNS record?
Somehow I got the idea that RFC 2538 was being deprecated in favor of
an alternate use of KEY.
David
--
David Shaw | address@hidden | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
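
The lookup discussed in this message, (0x5C980097.keyserver.cryptnet.net, IN, CERT), as an added example that is not part of the original post or of CKS: it builds the wire-format DNS question and splits CERT RDATA into the RFC 2538 fields. The function names, the transaction ID and the sample RDATA are assumptions constructed for illustration; no network access is made.

```python
import struct

CERT_RRTYPE = 37                                # CERT RR type code (RFC 2538)
CLASS_IN = 1
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP"}   # RFC 2538 certificate types

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_cert_query(key_id, zone, txid=0x1234):
    """Wire-format query for (<key_id>.<zone>, IN, CERT). txid is arbitrary."""
    # Header: id, flags (RD set), 1 question, no answer/authority/additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(key_id + "." + zone)
    question += struct.pack("!HH", CERT_RRTYPE, CLASS_IN)
    return header + question

def parse_cert_rdata(rdata):
    """Split CERT RDATA into type, key tag, algorithm and certificate bytes."""
    if len(rdata) < 6:   # 5 fixed octets plus at least 1 octet of certificate
        raise ValueError("truncated CERT RDATA")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    if CERT_TYPES.get(cert_type) != "PGP":
        raise ValueError("not an OpenPGP CERT record")
    return {"type": "PGP", "key_tag": key_tag,
            "algorithm": algorithm, "cert": rdata[5:]}

# Constructed sample RDATA: type 3 (PGP), key tag 0, algorithm 0,
# followed by placeholder bytes standing in for an OpenPGP packet.
SAMPLE_RDATA = struct.pack("!HHB", 3, 0, 0) + b"\x99\x01\x0dPLACEHOLDER"

if __name__ == "__main__":
    query = build_cert_query("0x5C980097", "keyserver.cryptnet.net")
    print(query.hex())
    print(parse_cert_rdata(SAMPLE_RDATA))
```
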