Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


RE: PGP keyserver infrastructure

  • From: Randy Bush
  • Date: Fri Jun 30 09:42:30 2000

> While I have limited experience in PGP infrastructure, I have spent a great
> deal of time with X.500 & X509 infrastructure (sympathy appreciated).

i watched that and see the parallel.

> The key service folk (PGP and anyone IETF-izing the X509 world, and the
> IPSEC folk for that matter) would be doing a Huge Service to Humanity if
> they simply *defined* the manner in which key servers will find each other
> using the DNS.

i am not convinced.  the email address space you describe maps well to the
dns as it too is hierarchic (in fact is the identical hierarchy:-).  the pgp
key space is not obviously hierarchic, but rather a non-directed and cyclic
graph.  so using the dns, e.g. srv rrs, to find a keyserver is not a mapping
so obvious that i can see it.

unless you are suggesting that looking for the public key for randy@psg.com
should follow the dns hierarchy for psg.com.  this forces all key ids to be
domain name based, which is not a restriction in pgp.  it also does not work
in obvious ways for reverse lookup, though i can envision a hack similar to
in-addr.arpa (yuck).

randy
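
The two mappings discussed in the message above, as an added example that is not part of the original post: a forward lookup name derived from the domain in a user id, and an in-addr.arpa-style reversed name for a key id. The `_pgpkeys._tcp` label and the `keyid.example` zone are hypothetical names invented for this sketch, and the sample user ids and key id are constructed.

```python
import re

# Hypothetical names, invented for this illustration only.
SRV_LABEL = "_pgpkeys._tcp"
REVERSE_ZONE = "keyid.example"

ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def srv_candidates(user_id):
    """SRV owner names to try for a user id, most specific domain first.

    Returns [] when the user id contains no e-mail address: PGP allows such
    user ids, so a DNS-rooted lookup has nowhere to start for them.
    """
    m = ADDR.search(user_id)
    if m is None:
        return []
    labels = m.group(1).lower().split(".")
    # Walk up the hierarchy but stop before the bare top-level domain.
    return [f"{SRV_LABEL}.{'.'.join(labels[i:])}."
            for i in range(len(labels) - 1)]


def reverse_name(key_id):
    """Nibble-reversed owner name for a hex key id, in-addr.arpa style."""
    hexid = key_id.lower()
    if hexid.startswith("0x"):
        hexid = hexid[2:]
    if not re.fullmatch(r"[0-9a-f]{8}|[0-9a-f]{16}", hexid):
        raise ValueError(f"not a 32- or 64-bit hex key id: {key_id!r}")
    return ".".join(reversed(hexid)) + f".{REVERSE_ZONE}."


if __name__ == "__main__":
    # Constructed sample user ids; the key id is a made-up value.
    for uid in ("randy@psg.com", "NOC <noc@mail.example.org>",
                "Release signing key"):
        print(f"{uid!r:32} -> {srv_candidates(uid) or 'no DNS starting point'}")
    print(reverse_name("0x1234ABCD"))
```

The third user id has no domain, so the forward mapping returns nothing for it, while the reverse name works for any key id but only if some single zone is agreed on to host it.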




