[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do we need to secure our keyservers against kind of DoS Attacks
On Feb 2, 2009, at 7:56 AM, Christoph Anton Mitterer wrote:
On Sun, 2009-02-01 at 22:33 -0500, David Shaw wrote:
There are other ways to store keys. There is even an RFC (4398) for
storing OpenPGP keys in DNS.
Hey this is really nice,... I wasn't aware of it =)
It's pretty interesting. GPG supports it (both in the "PGP" variant
where the whole key is stored in a very large DNS blob, and in the
more useful "IPGP" variant where the DNS returns a URL pointing to the
regular key) but I don't think it gets particularly wide use. Not all
that many people control their own DNS, so that's an additional
barrier on top of all of the usual barriers.
One thing that DNS is very good for is fast, lightweight, queries.
You could see how building something like a revocation server would be
ideal over DNS: revocations are small, and the queries over DNS are
fast and cheap.