IPSEC goes to RFC

Perry E. Metzger perry at panix.com
Sat Aug 12 05:35:08 PDT 1995



"Peter Trei" writes:
> Don Eastlake has actually done a draft RFC on
> using the DNS for key distribution.

It's more than a draft -- at this point it is very clearly standards
track. Note that the document in question only covers security for the
DNS itself, but the side effect is that you've built all the
mechanisms you need for general key distribution. Don is now working
on the certificate formats.

> It may be found at 
> 
> ftp://ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dnssec-secext-04.txt
> 
> He briefed the W3C security working group about
> this recently, and a number of people raised objections, notably
> 
> * database bloat
> * zone transfer bloat
> * increased hits on root servers due to a new class of inquiry.

As I've noted, given the actual in-field experience of Hesiod, I'm not
in the least worried.

.pm





