Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)

From: Daniel Kahn Gillmor
Subject: Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)
Date: Mon, 06 Jul 2009 15:06:11 -0400
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)
On 07/06/2009 12:04 PM, David Shaw wrote:
> On the subject of the various "pool" keyserver addresses, I'm working on
> (re) adding SRV support to GPG using DNS service discovery.
Excellent news, thank you David!
Are you thinking about using simple SRV records [0], or (as your use of
the term "service discovery" suggests) the more-complex DNS-SD [1]?
DNS-SD (in conjunction with the rest of the zeroconf suite, and a
well-implemented pubring-via-HKP daemon) could make it possible to
quickly and easily share public keys and certifications between neighbors.
It could also open up concerns about the ease of spoofing keyservers,
but i think those concerns already exist on the 'net today -- using
explicitly decentralized protocols like mDNS/DNS-SD is just taking the
decentralized and unauthenticated gossiping keyservers model one step
further. We rely on client-side crypto to evaluate the legitimacy of
returned signatures anyway, and that certainly wouldn't change.
--dkg
[0] http://tools.ietf.org/html/rfc2782
[1] http://tools.ietf.org/html/draft-cheshire-dnsext-dns-sd
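As an added illustration (not code from this thread or from GnuPG), the following shows the client-side target ordering RFC 2782 [0] prescribes for the "simple SRV" option: priorities tried lowest first, weighted random choice within a priority, weight-0 records used only as a last resort, and a lone "." target meaning the service is explicitly absent. The records, the `_hkp._tcp` service label and the example.org hosts are constructed assumptions; note that nothing here authenticates the DNS answer, which is exactly why the message above leaves legitimacy to client-side signature verification.

```python
"""RFC 2782 SRV target selection for an HKP keyserver lookup (constructed example)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed answer set for a hypothetical _hkp._tcp.example.org query
# (the service label and hosts are assumptions, not a real zone).
SAMPLE_SRV = [
    SRV(10, 60, 11371, "keys1.example.org."),
    SRV(10, 40, 11371, "keys2.example.org."),
    SRV(20, 0, 11371, "backup.example.org."),
]


def order_srv(records, rnd=random.random):
    """Return (target, port) pairs in the order a client should try them.

    Lowest priority first; within one priority a weighted random pick,
    repeated until that priority is exhausted (RFC 2782 "Usage rules").
    `rnd` is injectable so the ordering can be tested deterministically.
    """
    if len(records) == 1 and records[0].target == ".":
        return []  # RFC 2782: a single "." target means "service not available"
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            # Weight-0 entries go first so they are picked only when pick == 0.
            pool.sort(key=lambda r: r.weight != 0)
            total = sum(r.weight for r in pool)
            pick = int(rnd() * (total + 1))  # uniform integer in [0, total]
            running = 0
            chosen = pool[-1]
            for r in pool:
                running += r.weight
                if running >= pick:
                    chosen = r
                    break
            ordered.append((chosen.target, chosen.port))
            pool.remove(chosen)
    return ordered


if __name__ == "__main__":
    for host, port in order_srv(SAMPLE_SRV):
        print(f"try {host.rstrip('.')}:{port}")  # DNS answer is unauthenticated; verify signatures
```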