[VOIPSEC] Why a secure keyechange for media encryption?
Michael Prochaska
tm021090 at fh-stpoelten.ac.at
Mon May 1 16:36:28 CDT 2006
btw, here is a document over public key distribution via DNS.
http://www.eecs.tufts.edu/~mgilfix/publications/comp150csFP.pdf
from there i had the reference to rfc2065.
regards,
michael
tm021090 at fh-stpoelten.ac.at schrieb:
>>i don't think that there is already such a service but as i said, i want
>>to describe at least one scenario in my thesis.
>>
>>my idea:
>>before a UA sends an invite it requests the public key from a DNS
>>server. DNSSEC (rfc4033, rfc4034 and rfc4035) defines a possibility to
>>distribute keys through the DNS.
>
>
> sorry, wrong direction :-(
>
> from rfc2065 (which i've read a few months ago):
> "... This can be the public key of a zone, a host or other end entity,
> or a user. ..."
>
> from rfc4033 (which updates rfc2535 which updates rfc2065):
> "... The DNSKEY RR is not intended as a record for storing arbitrary
> public keys and MUST NOT be used to store certificates or public keys
> that do not directly relate to the DNS infrastructure. ..."
>
> if i only had read the latest rfc :-)
>
>
> anyway, then another directory service has to do the job (LDAP, or maybe
> something like a PGP keyserver).
>
> regards,
> michael
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list