[14146] in cryptography@c2.net mail archive
Re: Is cryptography where security took the wrong branch?
daemon@ATHENA.MIT.EDU (bmanning@karoshi.com)
Wed Sep 10 22:21:52 2003
X-Original-To: cryptography@metzdowd.com
From: bmanning@karoshi.com
To: lynn@garlic.com (Anne & Lynn Wheeler)
Date: Wed, 10 Sep 2003 12:43:46 -0700 (PDT)
Cc: bmanning@karoshi.com, cryptography@metzdowd.com
In-Reply-To: <4.2.2.20030910122522.00ab56b0@mail.earthlink.net> from "Anne & Lynn Wheeler" at Sep 10, 2003 12:56:05 PM
>
> At 09:57 AM 9/10/2003 -0700, bmanning@karoshi.com wrote:
> > ok... does anyone else want to "touch" a secured DNS system
> > that has some parts of the tree fully signed? It's a way to
> > get some empirical understanding of how interesting/hard
> > it is to hammer the DNS into a PKI-like thing.
> >
> > www.rs.net has some information.
>
> My assertion is 1) DNS integrity issues have to be addressed as part of
> generalized DNS trust issues .... regardless of any use for trusted
> distribution of information that may include public keys. 2) because domain
> name infrastructure is the root authority for CA/PKI SSL domain name
> certificates, there is a suggestion that public keys be registered as part
> of domain name registration (to fix trust issues in domain infrastructure
> on behalf of the CA/PKI industry). Being able to trust DNS ... and having
> registered public keys .... means that existing DNS information
> distribution operation can turn into trusted distribution of public keys
> (aka existing DNS infrastructure supports distribution of any information
> that happens to be registered).
Nice collection of URLs.
Ack both your assertions. RS.NET is a testbed that is being used to
validate the accuracy of those assertions and explore the operational
and social impact with the deployment of a DNS that can respond
with information which can be independently verified for accuracy.
--bill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com