
RE: [Design] Re: the KEY debate



I don't think that the allegations of FUD are justified; however, it is clear
that this group does not have a clear understanding of the security issues
surrounding key distribution.

Single point of failure sounds scary; however, that is not the main reason
why it is a canonically bad idea to reuse DNS as a key distribution system.

The real problem is that DNS is designed, operated and deployed as a name
infrastructure. The majority of the DNS servers are deployed without any
form of security analysis. Only a small number of TLDs have a comprehensive
security profile in place.

It is a very bad idea to make a change in a deployed protocol that changes
its status from a non-security infrastructure to a critical security
infrastructure.

From a technical point of view it is quite possible to integrate a Kerberos
style key distribution mechanism into DNS, and if DNS was being designed from
scratch that is exactly what I would propose. However, retrofitting any type
of primary key distribution scheme into a deployed service is completely
unacceptable.


There is a solution to this problem.

		DNS -> SRV -> XKMS



		Phill

--
archive: <http://ops.ietf.org/lists/namedroppers/>