[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Do we need to secure our keyservers against kind of DoS Attacks




On Feb 2, 2009, at 7:56 AM, Christoph Anton Mitterer wrote:

On Sun, 2009-02-01 at 22:33 -0500, David Shaw wrote:
There are other ways to store keys.  There is even an RFC (4398) for
storing OpenPGP keys in DNS.
Hey this is really nice,... I wasn't aware of it =)

It's pretty interesting. GPG supports it (both in the "PGP" variant where the whole key is stored in a very large DNS blob, and in the more useful "IPGP" variant where the DNS returns a URL pointing to the regular key) but I don't think it gets particularly wide use. Not all that many people control their own DNS, so that's an additional barrier on top of all of the usual barriers.

One thing that DNS is very good for is fast, lightweight, queries. You could see how building something like a revocation server would be ideal over DNS: revocations are small, and the queries over DNS are fast and cheap.

David