"Jeroen Massar" <[EMAIL PROTECTED]> writes:
> As I was toying around with Opportunistic Encryption it shed another
> light on this subject.
> Could there be a query type which requests the KEY (just like the DNS
> RR) of a host?
Yes, it's called IKE. It's already part of the IPsec protocol suite.
> This would allow for example FreeS/WAN and Racoon and other IPSec
> implementations to request the public KEY from the host itself in a
> standardized way. The proposed DNS<->nodeinfo could then also provide
> this information over DNS. Of course one has no 100% assurance that
> the replied KEY is valid at all.
This is exactly why it isn't done, and why you want keys in DNSSEC.
> Greets,
> Jeroen
-derek
--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED] www.ihtfp.com
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------