Hal says:
Matt Blaze <mab@crypto.com> writes:
More seriously, the problem that Perry brought up is that it's hard to deploy any kind of scaleable key distribution infrastructure that works with PGP (as it currently exists - and yes, I realize there are work-arounds for some specific situations).
Could you have a distributed database where you lookup by key ID and get a key? Or is there a constraint that the key distribution infrastructure has to be part of the DNS?
I could see a set of key servers where one deals with all keys that start with 0x00, the next has all keys which start with 0x01, etc. This makes it easy to know which server to go to in order to look up a given key ID.
Theis will not work, Hal, because it would mean that administrative control over keys would have to be held by people far removed organizationally and spacially from those who own them. Things work much better when the administrators and users are close together. Futhermore, the DNS style solution scales -- it automatically aquires servers to meet demand as the space expands, unlike a pseudo-distributed system such as the one you propose. Furthermore, DNS is one of the few really large scale distributed databases that has been well proven, and piggybacking off the technology has real advantages. Perry