Message-Id: <9309161418.AA19936@smiley.mitre.org.sit>
Date: Thu, 16 Sep 93 10:23:53 EST
From: "Robert W. Shirey" <shirey@smiley.mitre.org>
To: atkinson@itd.nrl.navy.mil
Subject: Re: [resend] Use of DNS to distribute keys
Cc: Beast <dee@skidrow.lkg.dec.com>, ipsec@ans.net, namedroppers@nic.ddn.mil, pem-dev@tis.com, Masataka Ohta <mohta@necom830.cc.titech.ac.jp>

Until now, the following message thread has not been copied to pem-dev. It
should be, I think, because it calls into question the need for certificates
to distribute public keys in the Internet. In the following message from
Masataka Ohta, there is included a quote from, I believe, Ran Atkinson:

> > Key certificates are
> > generally too big and clunky to be in DNS but public keys would work
> > fine. There is no reason for the keys stored in DNS to be embedded in
> > a certificate because you can use secure communication with the DNS
> > server based on the key from the next highest level in the DNS
> > hierarchy. ... Caching keys is kind of like caching IP address info.

Unless I entirely misunderstand this thread, he is saying that the DNS can be
trusted to maintain the binding between my host's public key and my host's
name--WITHOUT using a signed certificate. Before I die choking on my
morning coffee, I would like to know something: What assurance features and
mechanisms does Ran propose to use to make us trust all the servers in the
worldwide DNS system that much?
-------------------------------------------------------------------------------
From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>
Subject: Re: [resend] Use of DNS to distribute keys
To: dee@skidrow.lkg.dec.com (Beast)
Date: Thu, 16 Sep 93 22:14:39 JST
Cc: atkinson@itd.nrl.navy.mil, ipsec@ans.net, namedroppers@nic.ddn.mil
In-Reply-To: <9309141946.AA11187@skidrow.lkg.dec.com>; from "Beast" at Sep 14, 93 3:46 pm
X-Mailer: ELM [version 2.3 PL11]

> > From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
> > To: ipsec@ans.net, namedroppers@nic.ddn.mil
> >
> > For several years now I've been thinking that the DNS is
> > probably a really good way to distribute keys (or key certificates).
> > For example, if each host had a public key accessible via the DNS, one
> > could more easily setup a secure session key between oneself and the
> > remote host that one wished to communicate with. Also, one might be
> > able to encrypt UDP packets using asymmetric encryption for the odd
> > case where one only wanted to send one or two packets and thereby
> > avoid the overhead of setting up a session key for extremely brief
> > sessions.
> This is a great idea I have also had myself. Key certificates are
> generally too big and clunky to be in DNS but public keys would work
> fine. There is no reason for the keys stored in DNS to be embedded in
> a certificate because you can use secure communication with the DNS
> server based on the key from the next highest level in the DNS
> hierarchy. Caching these keys is kind of like caching IP address
> info.

This, obviously, is the way to go. So I was surprised to have received
private mails saying that we don't need secure DNS because we have a key
certificate mechanism.

Some people do not understand that the key certificate mechanism does not
scale unless a tree of servers is formed.

> All you need to complete the picture is to magically know (or get
> via an e-mailed certificate or something) the public keys of the root
> DNS servers.

And, as we need public keys to construct the DNS tree, we don't need
any key certificates of servers.
> A 1024 bit RSA key, which most people consider secure, is only 128
> bytes. An appropriate RSA digital signature is going to be about the
> same size. I guess I should do the detailed arithmetic but it seems
> to me like a public key containing DNS response should fit into the
> DNS 512-byte UDP limit.

I have found an exception. A reply packet for an NS query will contain, as
glue information, addresses AND public keys of multiple name servers.
Thus the 512-byte limit does matter if there are three name servers with
glue information (quite common).

It should be noted that the NS reply for the root name servers has
once exceeded the UDP limit even without any public keys.

So, we must either extend the UDP size limit or use TCP.

Masataka Ohta
------- End of Forwarded Message
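The "detailed arithmetic" the thread leaves undone, worked through as an added illustration that is not part of any message above: it builds the reply to an NS query for a constructed zone in RFC 1035 wire format with name compression, then adds one 128-byte public key per name server the way the thread proposes, and reports when the 512-byte UDP limit is crossed. The KEY record type number (25) and its 4-byte flags/algorithm prefix are assumptions (the thread predates that record), and the 10.0.0.x glue addresses are constructed.

```python
import struct

DNS_UDP_LIMIT = 512                    # RFC 1035 maximum UDP payload
RSA_1024_BYTES = 128                   # key size the thread assumes
TYPE_A, TYPE_NS, TYPE_KEY = 1, 2, 25   # KEY=25 is an assumption (assigned later, RFC 2065)

class DnsMessage:                      # minimal RFC 1035 wire builder with name compression
    def __init__(self):
        self.buf = bytearray(12)       # header; counts left zero, only the size matters here
        self.offsets = {}              # name suffix -> offset of its first occurrence
    def put_name(self, fqdn):          # RFC 1035 section 4.1.4 compression
        labels = fqdn.rstrip(".").split(".") if fqdn != "." else []
        while labels:
            suffix = ".".join(labels)
            if suffix in self.offsets:                  # pointer to the earlier copy
                self.buf += struct.pack("!H", 0xC000 | self.offsets[suffix])
                return
            if len(self.buf) < 0x4000:                  # pointers are 14 bits
                self.offsets[suffix] = len(self.buf)
            label = labels.pop(0).encode()
            self.buf += bytes([len(label)]) + label
        self.buf += b"\x00"                             # root label ends the name
    def put_rr(self, owner, rtype, rdata):   # rdata: bytes, or a callable writing RDATA
        self.put_name(owner)
        self.buf += struct.pack("!HHI", rtype, 1, 3600)  # TYPE, CLASS IN, TTL
        lenpos = len(self.buf)
        self.buf += b"\x00\x00"                         # RDLENGTH, patched below
        rdata() if callable(rdata) else self.buf.extend(rdata)
        struct.pack_into("!H", self.buf, lenpos, len(self.buf) - lenpos - 2)

def ns_response_size(zone, servers, with_keys, key_bytes=RSA_1024_BYTES):
    """Bytes in a reply to 'zone NS?': NS answers, then A (and KEY) glue."""
    m = DnsMessage()
    m.put_name(zone)
    m.buf += struct.pack("!HH", TYPE_NS, 1)             # question: NS IN
    for s in servers:
        m.put_rr(zone, TYPE_NS, lambda s=s: m.put_name(s))  # NSDNAME compresses
    for i, s in enumerate(servers):
        m.put_rr(s, TYPE_A, bytes([10, 0, 0, i + 1]))   # constructed glue address
        if with_keys:  # assumed 4-byte flags/algorithm prefix, then a zero-filled key
            m.put_rr(s, TYPE_KEY, bytes(4) + bytes(key_bytes))
    return len(m.buf)

def max_servers_within_limit(zone, with_keys):
    """Largest server count whose NS reply still fits one 512-byte UDP datagram."""
    n = 0
    while ns_response_size(zone, [f"ns{i}.{zone}" for i in range(1, n + 2)],
                           with_keys) <= DNS_UDP_LIMIT:
        n += 1
    return n
```

For three servers under example.com the reply is 131 bytes without keys and 563 bytes with them, and only two key-carrying servers fit under 512 bytes, which is the case Ohta describes.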