IPSEC goes to RFC
Matthew Ghio
ghio at cmu.edu
Thu Aug 10 18:56:33 PDT 1995
sdw at lig.net (Stephen D. Williams) wrote:
> I really like the idea of using DNS for (public I assume) keys...
I don't.
Public keys in the DNS is a bad idea because it makes it difficult to
update the database, especially in large organizations. When a host's
key is issued or changed then they would have to get the nameserver
admin to change it for them. This could become a major problem/
inconvenience for many, many people. The host should be able to give
its own key in response to a query. That key could, of course, be
signed by any number of trusted signators to guarentee authenticity.
More information about the cypherpunks-legacy
mailing list