nanog mailing list archives

RE: PGP kerserver infrastructure

From: Randy Bush <randy () psg com>
Date: Fri, 30 Jun 2000 09:26:11 -0700

When you look at this issue, there are three competing subproblems:
1) How do I find the X server for domain Y that domain Y is running?
1A) How do I find the X server that proxies for domain Y (a subcase of 1)
2) How do I find user Z in domain Y when no server (proxy or native) is
available?
3) How do I find user Z in a list of user registries? (and how do I find
the definitive list of user registries?)


to users, there are only two questions:
  o given a pgp id, show me the key
  o kiven a key id, show me the key

all of the 'sub-problems' above are a symptoms of trying to impose multiple
servers, dns-based solutions, proxies, ... to solve a classic internet
scaling problem.  simply don't go there, complexity increses super-linearly
with scale with these methods.

randy

Current thread:

PGP kerserver infrastructure Shawn McMahon (Jun 27)
- <Possible follow-ups>
- Re: PGP kerserver infrastructure Steven M. Bellovin (Jun 29)
  - Re: PGP kerserver infrastructure Jeff Haas (Jun 29)
    - Re: PGP kerserver infrastructure Rick Irving (Jun 29)
    - Re: PGP kerserver infrastructure Valdis . Kletnieks (Jun 29)
    - Re: PGP kerserver infrastructure Rick Irving (Jun 29)
    - Crypto restrictions (was Re: PGP kerserver infrastructure) Bennett Todd (Jun 29)
- RE: PGP kerserver infrastructure Roeland M.J. Meyer (Jun 30)
  - Re: PGP kerserver infrastructure Valdis . Kletnieks (Jun 30)
- RE: PGP kerserver infrastructure Eric M. Carroll (Jun 30)
  - RE: PGP kerserver infrastructure Randy Bush (Jun 30)
    - Message not available
    - Re: PGP kerserver infrastructure Randy Bush (Jun 30)