DNS Keys (was A brief comparison of email encryption protocols)

Donald E. Eastlake 3rd (dee@cybercash.com)
Thu, 15 Feb 1996 17:14:10 -0500 (EST)

On Thu, 15 Feb 1996, Raph Levien wrote:
> Date: Thu, 15 Feb 1996 11:21:06 -0800 (PST)
> From: Raph Levien <raph@c2.org>
> Cc: resolving-security@imc.org, pem-dev@neptune.tis.com
> ... 
> On Thu, 15 Feb 1996, James M. Galvin wrote:
> > ...
> > >   Perhaps the biggest feature required in the mailer is integration
> > >of key management and the "address book". If this feature is not
> > >implemented in the mailer, then two address books are required - one
> > >to select email addresses, and another to map email addresses to keys.
> > >This approach is used by premail, and is the source of many usability
> > >problems. It would be nice if a database existed which could map email
> > >addresses to public keys without manual intervention, but none of the
> > >proposals on the table are capable of it.
> > 
> > In point of fact, MOSS supports this feature.  The email address name form
> > was included precisely because we figured people would want to continue to
> > use names with which they were familiar.  Further, the email address could
> > be parsed and the DNS could be used to look up the public key.
> 
>    I chose my words poorly. What I meant to say is that none of the 
> proposals can map an email address to a public key without the use of a 
> manually maintained database.
> 
>    DNS? Are you suggesting that the public key be stored within the DNS 
> database? The idea is nice, but DNS as deployed today is far too 
> insecure (see the Wall Street Journal, 9 Feb 1996 for an example).

Please check out draft-ietf-dnssec-secext-09.txt in the IETF shadow
directories (such as ftp.isi.edu/internet-drafts).  It specifies a
standard for authenticating data retrieved from the DNS and using the
DNS for key distribution.

> ...
> 
> Raph

Donald
=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html