IPSEC goes to RFC

Perry E. Metzger perry at panix.com
Thu Aug 10 20:49:29 PDT 1995



Matthew Ghio writes:
> sdw at lig.net (Stephen D. Williams) wrote:
> 
> > I really like the idea of using DNS for (public I assume) keys...
> 
> I don't.
> 
> Public keys in the DNS is a bad idea because it makes it difficult to
> update the database, especially in large organizations.

That's one of a number of reasons why the DNS dynamic update facility
has been created.

> The host should be able to give
> its own key in response to a query.

What makes you assume we are using hosts as the keyed endpoints in the
usual case? Users are also getting keys, and querying them will be
difficult until humans all come equipped with implanted radio
transmitters. See "The President's Analyst" for a possible solution to
that problem, but I prefer DNS :-)

Perry





