[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    Re: DNSsec as replacement for key servers?
From:       Derek Atkins <warlord () mit ! edu>
Date:       1998-04-29 20:32:49
[Download RAW message or body]

What we'd need to do is just define our own KEY type parameter..  Just
define a PGP KEY for DNSSEC, which is the full PGP Key Certificate
(Plus PGP Sigs)....

-derek

Marcel Waldvogel <mwa@tik.ee.ethz.ch> writes:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> For a long time, I've been under the impression that DNSsec would
> provide a way to fully decentralize keyservers.
> 
> Now, I've looked at the drafts in more detail, and have found out
> that there is a way to incorporate RSA and DSA keys and signatures
> on these keys, but there is (currently) no way to add a more complex
> structure (i.e. all the information that will soon be found in the
> keys, such as expiry date, preferred algorithm, ...).
> 
> So my assumption is now that PGP keys are a long way from being
> able to get incorporated into DNS, although they are "basically"
> mappable to it (but signatures will fail, because they also cover
> information not in DNS). Is this true? Has anyone thought to bring
> that forward in the DNSsec workgroup?
> (I haven't been following DNSsec at all)
> 
> - -Marcel
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: next
> 
> iQCVAwUBNUcUnOq7ynKGIBQHAQHThgP/T1VEsjHm9YLNS1sW0aw9gc4xQf2MD3AM
> zPn+5Rn5yGWqdVw7zV1lYQFqVHfqzQfDK7Eb/nNwvEVS+v71tEgTZ2ei8FTfx9CX
> zKwwl1eGW3Xgqqbz/We+iEz4DsWzvsnJHBbLotLXrzBpowF/mZkkN8xcJ8rp70oZ
> u440+WDTFdo=
> =Ir47
> -----END PGP SIGNATURE-----

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord@MIT.EDU                        PGP key available

[prev in list] [next in list] [prev in thread] [next in thread]