Crypto elsewhere

martin@mrrl.lut.ac.uk
Thu, 26 Mar 1998 18:06:57 +0000



Stefek Zaba writes:

| I too am Confused. On the narrow point, like Paul I read this Internet
| Draft as vigorously rejecting "feel-goodware" signatures - though its
| language seems a little confused, as there are no fielded Internet
| security protocols which use a 40-bit symmetric key based signature or a
| 40-bit hash.

The language probably seems confused because it was being written at
4am, so as to catch the Internet Drafts deadline for the LA IETF :-)

The document really ought to have a proper "security considerations"
section, since a) this is something that usually gets skipped(!) and
b) proper authentication of control messages would be very important
if people were actually to go for this scheme.

It's difficult to find the right level to pitch these things at,
though.  The comment about 40 bit keys was really just a throwaway
reference to the practice of crippling a perfectly decent crypto
algorithm by forcing a chunk of the keyspace to a known value - e.g.
for export from the US. So, don't read too much into it.  I suppose
the flipside is that if you mention terms like "key escrow" too much
in an RFC you end up coming across like an extra from the X Files!

|              On the broader point, there already *is* a standards-track
| proposal - and implemented, *freely exportable* code! - for secured DNS:
| see http://www.ietf.org/html.charters/dnssec-charter.html in general and
| RFCs 2065 and 2137 in particular. (The code is freely exportable from the
| US precisely because confidentiality is a non-goal, unlike strong
| authentication for the secured information.) Perhaps the authors are
| suggesting that PGP-signing DNS zone updates would be a good transitional
| move before the more widespread deployment of secure DNS; that's a kinder
| interpretation than that they're simply unaware of it.

I think you're getting too bound up in the crypto aspect - things like
PGP and DNSSEC are orthogonal to the problem (if you believe it's a
problem :-) of centralized control of key portions of the DNS, and
real or imagined abuse of the current "monopoly" situation.

The issue we're addressing is how best to distribute *authority* for
chunks of the Internet domain name space.  The crypto element of this
is all about trust and authentication.  PGP already has a substantial
installed base plus a well established public key infrastructure,
which seems to make it a good candidate.  Usenet News appears to be a
very effective way to periodically distribute information to large
numbers of interested parties.  QED ?

Ciao!

Martin


