North American Network Operators Group

RE: PGP keyserver infrastructure
> While I have limited experience in PGP infrastructure, I have spent a great
> deal of time with X.500 & X509 infrastructure (sympathy appreciated).

i watched that and see the parallel.

> The key service folk (PGP and anyone IETF-izing the X509 world, and the
> IPSEC folk for that matter) would be doing a Huge Service to Humanity if
> they simply *defined* the manner in which key servers will find each other
> using the DNS.

i am not convinced. the email address space you describe maps well to the dns as it too is hierarchic (in fact is the identical hierarchy:-). the pgp key space is not obviously hierarchic, but rather a non-directed and cyclic graph. so using the dns, e.g. srv rrs, to find a keyserver is not a mapping so obvious that i can see it.

unless you are suggesting that looking for the public key for [email protected] should follow the dns hierarchy for psg.com. this forces all key ids to be domain name based, which is not a restriction in pgp. it also does not work in obvious ways for reverse lookup, though i can envision a hack similar to in-addr.arpa (yuck).

randy