Re: [Asrg] 6. Solutions - Based on Digital Certificates

Raymond S Brand <rsbx@rsbx.net> Wed, 09 July 2003 16:07 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07849 for <asrg-archive@odin.ietf.org>; Wed, 9 Jul 2003 12:07:51 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19aHTQ-0000Q6-0t for asrg-archive@odin.ietf.org; Wed, 09 Jul 2003 12:07:24 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h69G7FBx001602 for asrg-archive@odin.ietf.org; Wed, 9 Jul 2003 12:07:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19aGk8-00040K-KU for asrg-web-archive@optimus.ietf.org; Wed, 09 Jul 2003 11:20:28 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05438; Wed, 9 Jul 2003 11:19:42 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19aGij-0003Z0-8O; Wed, 09 Jul 2003 11:19:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19aGhg-0003G2-Vn for asrg@optimus.ietf.org; Wed, 09 Jul 2003 11:17:57 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05295 for <asrg@ietf.org>; Wed, 9 Jul 2003 11:17:24 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19aGhB-0007QG-00 for asrg@ietf.org; Wed, 09 Jul 2003 11:17:25 -0400
Received: from 226.48.93.66.in-addr.rsbx.net ([66.93.48.226] helo=mail.rsbx.net) by ietf-mx with esmtp (Exim 4.12) id 19aGh4-0007Pg-00 for asrg@ietf.org; Wed, 09 Jul 2003 11:17:20 -0400
Received: from rsbx.net (localhost [127.0.0.1]) by mail.rsbx.net (8.9.3p2/8.9.3) with ESMTP id LAA27826 for <asrg@ietf.org>; Wed, 9 Jul 2003 11:16:54 -0400
Message-ID: <3F0C31E6.FBF70A58@rsbx.net>
From: Raymond S Brand <rsbx@rsbx.net>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.17.crypt i686)
X-Accept-Language: en
MIME-Version: 1.0
To: asrg@ietf.org
Subject: Re: [Asrg] 6. Solutions - Based on Digital Certificates
References: <5.2.0.9.2.20030709023235.00bbcbd8@solidmatrix.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 09 Jul 2003 11:16:54 -0400

Yakov Shafranovich wrote:
> 
> I read over RFC 2538 which specifies a way for digital certificates to be
> stored in the DNS system. The RFC seems to support both X.509 and PGP
> certs. Could the method defined in that RFC be used to verify a sender's
> identity by storing his certificate in the DNS for the originating domain?

Unfortunately, the DNS-based CERT storage system proposed in RFC2538 is
not efficient for lookups if the type, key tag, or algorithm fields are
used as part of the lookup. That is because those fields are in the data
returned for a lookup, not the (DNS name) lookup key. So if John Q Public
has several CERTs, anyone needing a particular one will need to retrieve
them all to find the one with the correct type, key tag, and/or algorithm
fields.

The problem can be overcome by encoding the CERT selection information as
sub-domain labels to the FQDN for John Q Public. DRIP does something like
this to check for designation records for SMTP transactions. See

	http://ietf.org/internet-drafts/draft-brand-drip-00.txt


Raymond S Brand

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
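As an added example (not part of this message, RFC 2538, or the DRIP draft), the following Python code packs and parses RFC 2538 CERT RDATA and contrasts the two lookup strategies the reply describes: parsing a whole RRset to filter on the type, key tag and algorithm fields, versus a hypothetical label-encoded name in which the selector fields are part of the lookup key (the `_cert` label and the label order are an assumption, not DRIP's actual scheme). The RRset contents are constructed.

```python
import struct

# RFC 2538 section 2.1 certificate type values and DNSSEC algorithm numbers.
CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3, "URI": 253, "OID": 254}
ALG = {"RSAMD5": 1, "DSA": 3, "RSASHA1": 5}

def key_tag(key_rdata: bytes) -> int:
    """Key tag per RFC 2535 Appendix C: 16-bit sum over the KEY RDATA with the carry folded in."""
    ac = 0
    for i, b in enumerate(key_rdata):
        ac += b << 8 if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def pack_cert(cert_type: int, tag: int, alg: int, cert: bytes) -> bytes:
    """CERT RDATA wire format: type(2) | key tag(2) | algorithm(1) | certificate."""
    return struct.pack("!HHB", cert_type, tag, alg) + cert

def unpack_cert(rdata: bytes) -> tuple:
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its 5-byte fixed header")
    cert_type, tag, alg = struct.unpack("!HHB", rdata[:5])
    return cert_type, tag, alg, rdata[5:]

def select_cert(rrset: list, cert_type: int, tag: int, alg: int) -> tuple:
    """RFC 2538 style lookup: the whole RRset for the owner name comes back and
    every record must be parsed to find the one whose selector fields match.
    Returns (matching certificate or None, number of records parsed)."""
    parsed = 0
    for rdata in rrset:
        parsed += 1
        t, k, a, cert = unpack_cert(rdata)
        if (t, k, a) == (cert_type, tag, alg):
            return cert, parsed
    return None, parsed

def selector_name(owner: str, cert_type: int, tag: int, alg: int) -> str:
    """Hypothetical label encoding (an assumption, not DRIP's scheme): selector
    fields become labels of the query name, so one lookup returns one record."""
    return f"{cert_type}.{tag}.{alg}._cert.{owner}"

# Constructed sample RRset: three CERT records published at john.example.
SAMPLE_RRSET = [
    pack_cert(CERT_TYPES["PGP"], 0, 0, b"PGP-KEYBLOCK"),
    pack_cert(CERT_TYPES["PKIX"], key_tag(b"\x01\x02"), ALG["RSAMD5"], b"DER-CERT-A"),
    pack_cert(CERT_TYPES["PKIX"], key_tag(b"\xff\xff\x00\x01"), ALG["RSASHA1"], b"DER-CERT-B"),
]
```

`select_cert` reports how many records had to be parsed before the wanted one was found, which is the cost the reply objects to; `selector_name` shows the name a resolver would query instead under the label-encoding idea.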