Re: PKS, and the DV/MD choice...

Christian Huitema <huitema@bellcore.com> Mon, 28 April 1997 15:43 UTC

Date: Mon, 28 Apr 1997 11:26:13 -0400
From: Christian Huitema <huitema@bellcore.com>
Message-Id: <9704281126.ZM20749@seawind.bellcore.com>
In-Reply-To: jnc@ginger.lcs.mit.edu (Noel Chiappa) "PKS, and the DV/MD choice..." (Apr 28, 10:43am)
References: <9704281443.AA29183@ginger.lcs.mit.edu>
To: big-internet@munnari.oz.au
Subject: Re: PKS, and the DV/MD choice...

So, we want secure connectivity information, saying essentially that "net
X is connected to AS Y".  One option is to modify BGP-6 to carry
certificates. But this is overkill -- the connectivity information is
static, about as static as address assignment.  Why not just place it in
the DNS? The inverse domains can be secured by DNS sec, with delegation
traceable all the way up to the IANA.  We could easily place an AS record
in that hierarchy, e.g. "*.18.in-addr.arpa AS IN 12345".  That would allow
instant checks by just looking in the DNS, and a path to escalation in
paranoia land for the security conscious.

-- 
Christian Huitema
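
The origin check proposed in the message, sketched as an added example (not part of the original message or of any deployed system): a route's origin AS is compared against a wildcard record in the reverse tree. The "AS" record type is the message's hypothetical; the zone contents other than the `*.18.in-addr.arpa` entry, the function names, and the simplified wildcard walk are assumptions, and DNSSEC validation of the answer is assumed to be done by the resolver.

```python
import ipaddress

# Constructed zone data: owner name -> origin AS, modelled on the message's
# hypothetical "AS" record. No such DNS record type is standardized.
ZONE = {
    "*.18.in-addr.arpa": 12345,     # the record given in the message
    "*.26.18.in-addr.arpa": 64500,  # constructed more-specific delegation
}

def lookup_origin_as(prefix, zone=ZONE):
    """Return (owner_name, asn) covering the prefix's network address, or None.

    Simplification: the prefix is checked by its network address only, and
    the most specific enclosing wildcard wins.
    """
    net = ipaddress.ip_network(prefix, strict=True)  # rejects host bits set
    labels = net.network_address.reverse_pointer.split(".")
    name = ".".join(labels)
    if name in zone:
        return name, zone[name]
    # Walk towards the root, stopping at the top-level octet under in-addr.arpa.
    for i in range(1, len(labels) - 2):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return wildcard, zone[wildcard]
    return None

def check_announcement(prefix, origin_as, zone=ZONE):
    """Classify an announced (prefix, origin AS) pair against the zone data."""
    hit = lookup_origin_as(prefix, zone)
    if hit is None:
        return "unknown"  # no signed statement either way
    return "valid" if hit[1] == origin_as else "invalid"

if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS seen in the routing update)
    for prefix, asn in [("18.0.0.0/8", 12345), ("18.0.0.0/8", 64511),
                        ("18.26.0.0/16", 64500), ("192.0.2.0/24", 12345)]:
        print(prefix, asn, check_announcement(prefix, asn))
```
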