Crypto elsewhere
Stefek Zaba
sjmz at hplb.hpl.hp.com
Thu, 19 Mar 1998 18:15:42 +0000
Paul Leyland, in response to Bruce Tober, in response to
draft-hamilton-fix-dns-00.txt, writes:
> > I suspect that it's shooting itself in the foot early in paragraph
> > 3 which suggests that escrowed private keys would be about as
> > much use as... well, read it... )
>
> I did read it. I conclude that I must be missing something. Section 3
> explicitly states that weak cryptography and escrowed keys are *not*
> acceptable:
>
I too am confused. On the narrow point, like Paul I read this Internet
Draft as vigorously rejecting "feel-goodware" signatures - though its
language seems a little confused, as there are no fielded Internet
security protocols which use a 40-bit symmetric key based signature or a
40-bit hash. On the broader point, there already *is* a standards-track
proposal - and implemented, *freely exportable* code! - for secured DNS:
see http://www.ietf.org/html.charters/dnssec-charter.html in general and
RFCs 2065 and 2137 in particular. (The code is freely exportable from the
US precisely because confidentiality is a non-goal, unlike strong
authentication for the secured information.) Perhaps the authors are
suggesting that PGP-signing DNS zone updates would be a good transitional
move before the more widespread deployment of secure DNS; that's a kinder
interpretation than that they're simply unaware of it.
Cheers, Stefek