[29611] in North American Network Operators' Group
Re: PGP kerserver infrastructure
daemon@ATHENA.MIT.EDU (Rick Irving)
Thu Jun 29 15:05:48 2000
Message-ID: <395B9D52.FC6F2A55@onecall.net>
Date: Thu, 29 Jun 2000 14:02:42 -0500
From: Rick Irving <rirving@onecall.net>
To: Jeff Haas <jeffhaas@merit.edu>
Cc: NANOG <nanog@merit.edu>
Hey, just a thought... does anyone know the "edge" of
what say, Americans, are allowed to discuss with,
say, non-Americans, with respect to crypto...
I got zapped for an email to Australia once...
(early SSLeay) Just thought someone who was up
on the current "state of affairs" might be
willing to post. I know some things have changed
recently....
Listening.....
:)
Jeff Haas wrote:
>
> On Thu, Jun 29, 2000 at 11:29:39AM -0400, Steven M. Bellovin wrote:
> > The issue isn't so much network availability -- though a key server
> > designed to meet the needs of NANOG folks is interesting, since they
> > most need to talk to each other when the net isn't working well -- as
> > service availability. That has all sorts of implications at the
> > application level.
>
> Like RIPE, pgpkey (rfc2726) support is coming to the RADB Real Soon Now.
> IRRd (the backend of the RADB) also has had work recently put into
> the issue of verifying database synchronization. This functionality
> will be available to the IRRd community in the next release.
>
> But a small (and incomplete) preview:
>
> $ whois -h whois.radb.net "!j-*"
> RADB:Y:14679-22498
> ANS:Y:1-5855
> RIPE:N:0-12149653
> APNIC:N:0-240883
> VERIO:Y:1295-3227
> FGC:Y:650-1821
> [snip]
>
> Field explanation:
>
> db-name:mirrorable:lowest_journal-currentserial:last_export
>
> db-name:        obvious
> mirrorable:     whether or not the querant is allowed to mirror this db.
> lowest_journal: the starting range at which a mirror can be satisfied.
>                 always 0 for not-mirrorable.
> currentserial:  obvious
> last_export:    for databases that are exported to the ftp area, the last
>                 serial number at which the database was exported. Useful
>                 for databases which are updated only periodically and don't
>                 need to be mirrored real-time. (Not implemented yet.)
>
> One of the missing components is the repository object to be
> supplied by rps-dist which will allow you to check a secondary
> or tertiary mirror's currentserial against the primary repository.
> But at the moment, the list published at
> http://www.radb.net/docs/list.html provides a good start.
>
> Between the current polling mechanism, the planned flooding mechanism
> for rpsl-dist and the above for verifying synchronization, using the
> IRR may be a reasonable storage location for PGP Keys.
>
> (N.B.: The !j mechanism is an IRRd-only query extension at this point.
> But we are speaking to the other IRR software developers about
> providing similar support.)
>
> > --Steve Bellovin
>
> --
> Jeffrey Haas - Merit RSng project - jeffhaas@merit.edu
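
An added example, not part of the original message and not IRRd code: it parses `!j` status lines in the format quoted above and compares a mirror's currentserial with the primary's, which is the synchronization check the message describes. The `MIRROR` values are constructed, and treating a gap as recoverable only when the mirror's next serial is at or above the primary's lowest_journal is an assumption drawn from the field explanation.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class JStatus:
    db: str
    mirrorable: bool
    lowest_journal: int
    current_serial: int
    last_export: Optional[int]  # described in the message as not implemented yet

def parse_j_line(line: str) -> JStatus:
    """Parse 'db-name:mirrorable:lowest_journal-currentserial[:last_export]'."""
    parts = line.strip().split(":")
    if len(parts) not in (3, 4) or parts[1] not in ("Y", "N"):
        raise ValueError(f"not a !j status line: {line!r}")
    low, sep, cur = parts[2].partition("-")
    if not sep or not low.isdigit() or not cur.isdigit():
        raise ValueError(f"bad serial range in: {line!r}")
    export = int(parts[3]) if len(parts) == 4 and parts[3].isdigit() else None
    return JStatus(parts[0], parts[1] == "Y", int(low), int(cur), export)

def parse_j(text: str) -> dict:
    """Parse a block of status lines, skipping blank lines."""
    return {s.db: s for s in map(parse_j_line, filter(str.strip, text.splitlines()))}

def compare(primary: dict, mirror: dict) -> dict:
    """Classify each database the mirror carries against the primary's view."""
    result = {}
    for db, m in mirror.items():
        p = primary.get(db)
        if p is None:
            result[db] = "unknown-to-primary"
        elif m.current_serial > p.current_serial:
            result[db] = "ahead-of-primary"   # unexpected; worth investigating
        elif m.current_serial == p.current_serial:
            result[db] = "in-sync"
        elif p.mirrorable and m.current_serial + 1 >= p.lowest_journal:
            result[db] = f"behind-by-{p.current_serial - m.current_serial}"
        else:
            result[db] = "needs-full-reload"  # assumption: journal cannot cover the gap
    return result

# PRIMARY holds lines quoted in the message; MIRROR is constructed sample data.
PRIMARY = "RADB:Y:14679-22498\nANS:Y:1-5855\nRIPE:N:0-12149653\nVERIO:Y:1295-3227\n"
MIRROR = "RADB:Y:14679-22490\nANS:Y:1-5855\nRIPE:N:0-12149000\nVERIO:Y:1200-1250\n"

if __name__ == "__main__":
    for db, state in compare(parse_j(PRIMARY), parse_j(MIRROR)).items():
        print(f"{db:6} {state}")
```

A mirror reported as behind or needing a reload may be serving key-cert data older than the primary's, so the result is worth checking before relying on keys fetched from that mirror.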