Re: summary of Secure Shell (secsh) meeting at ietf52

[Jeffrey Altman <jaltman%columbia.edu@localhost>]

DNS implementors are very concerned about the size of the zone files
which will need to be protected by DNSSEC.  I believe that this is the
primary reason why any application specific information such as keys
or certificates are desired to not be in DNS.  

> At the DNSEXT meeting, there was a (mildly surreal) exchange where
> they attempted to not allow "yucky applications", like SSH, to
> store keys in DNS.  They claimed to want to dodge that work
> by waiting until the apps asked for it, and when several people
> in the room pointed out that people in the SSH wg were talking
> about it, this got ignored.
> 
> So I think we need to have something, requirements or whatever,
> that we whack the DNSEXT wg with, so they know we're thinking
> about it, regardless of what 'we' want to do.
> 
> At 09:55 AM 12/11/2001 -0800, Darren J Moffat wrote:
> >>and dns key storage both need a bit more work; we expect revised
> >>drafts by the next IETF meeting.
> >
> >
> >If I remeber correctly the author of the DNS host key storage draft
> >said that the have no intention of continuting with it in its current
> >form and that the draft will be left to expire unchanged.  They wish
> >to go back to requirements gathering and this may result in solving
> >the problem space a different way (ie maybe not DNS as I gathered).
> >
> >I also volunteered to start a new draft for agent forwarding -
> >requirements for this will be done via this list with at least an 00
> >draft by next meeting.
> >
> >--
> >Darren J Moffat
> >
> >
> 



 Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 Beta available
 The Kermit Project @ Columbia University   includes Secure Telnet and FTP
 http://www.kermit-project.org/             using Kerberos, SRP, and 
 kermit-support%kermit-project.org@localhost          OpenSSL.  SSH soon to follow.