[VOIPSEC] Why a secure keyechange for media encryption?
Michael Prochaska
tm021090 at fh-stpoelten.ac.at
Mon May 1 16:11:15 CDT 2006
> i don't think that there is already such a service but as i said, i want
> to describe at least one scenario in my thesis.
>
> my idea:
> before a UA sends an invite it requests the public key from a DNS
> server. DNSSEC (rfc4033, rfc4034 and rfc4035) defines a possibility to
> distribute keys through the DNS.
sorry, wrong direction :-(
from rfc2065 (which i've read a few months ago):
"... This can be the public key of a zone, a host or other end entity,
or a user. ..."
from rfc4033 (which updates rfc2535 which updates rfc2065):
"... The DNSKEY RR is not intended as a record for storing arbitrary
public keys and MUST NOT be used to store certificates or public keys
that do not directly relate to the DNS infrastructure. ..."
if i only had read the latest rfc :-)
anyway, then another directory service has to do the job (LDAP, or maybe
something like a PGP keyserver).
regards,
michael
More information about the Voipsec
mailing list