nanog mailing list archives

Re: New addresses for b.root-servers.net


From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Wed, 21 Jun 2023 19:00:12 +0900

Mark Andrews wrote:

>> If an end and another end directly share a secret
>> key without involving untrustworthy trusted third
>> parties, the ends are secure end to end.

>> An untrustworthy but lightweight and inexpensive (or free)
>> PKI may be worth its price and may be useful to make IP address
>> based security a little better.

> Which you can do with DNSSEC but the key management will be enormous.

Which part of my message are you responding to? The first part?

Though you might have forgotten, my initial proposal of DNSSEC
actually allows the use of both public and shared keys.

With hierarchical KDCs (Key Distribution Centers) instead
of hierarchical CAs, key management is not enormous.

A shared key is better than a public key, because revocation
is instantaneous. Instead, root KDCs receive a large amount
of requests. But the situation is similar to that of DNS root
servers today and is manageable.

Kerberos relies on KDCs.

However, the shared keys are shared by ends and intermediate
systems of KDCs, which is not end to end security.

                                                Masataka Ohta

