Home page logo
/

nanog logo nanog mailing list archives

RE: PGP kerserver infrastructure
From: Randy Bush <randy () psg com>
Date: Fri, 30 Jun 2000 09:26:11 -0700


When you look at this issue, there are three competing subproblems:
1) How do I find the X server for domain Y that domain Y is running?
1A) How do I find the X server that proxies for domain Y (a subcase of 1)
2) How do I find user Z in domain Y when no server (proxy or native) is
available?
3) How do I find user Z in a list of user registries? (and how do I find
the definitive list of user registries?)

to users, there are only two questions:
  o given a pgp id, show me the key
  o kiven a key id, show me the key

all of the 'sub-problems' above are a symptoms of trying to impose multiple
servers, dns-based solutions, proxies, ... to solve a classic internet
scaling problem.  simply don't go there, complexity increses super-linearly
with scale with these methods.

randy




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]