Automatic key verification / CERT in DNS / RFC4398
Werner Koch
wk at gnupg.org
Thu Apr 6 12:44:39 CEST 2006
On Wed, 5 Apr 2006 20:03:46 -0500, Brad Knowles said:
> Keep in mind that relatively few people use any kind of personal
> encryption at all, and most that do make use of S/MIME instead of PGP
> or GPG, because S/MIME is what is provided by default from Microsoft
The problem with S/MIME is that you can't create a usable
certificate for yourself. You have to hand over a lot of money to
a more or less trustworthy CA with no real benefit. OpenPGP may be used
much more easily in that respect.
Using PKA you may use self-signed certificates for S/MIME in the same
way as you use PGP keys. Yes, the security is limited by the DNS but
well, that is a problem another group needs to solve ;-)
> So long as you stick to just one key for the entire domain, it
> doesn't matter if it's DKIM or PGP. It still has some greatly
> increased CPU requirements (because every single message passing
> through the server will now have to be cryptographically signed,
> which will increase the CPU server load by many orders of magnitude
> per message), but at least it has the possibility of being scalable
I doubt that signing a message puts more load on a server than all the
spam filtering and virus scanning in use today.
DKIM and other methods are also quite computing intensive.
> We did try this technique before -- it was called pgpsendmail,
> and it cryptographically signed every message passing through the
> system. It didn't work very well, and few people ended up using it.
Because the key distribution and validation of the keys was not solved.
> Doing client-side signing and verification is definitely
> scalable, but is difficult to get jump-started.
Thus start with server-side signing using one key per domain.
> I don't think that's likely to happen any time soon. The
> solutions which are easy to implement are non-scalable, and the
> scalable solutions are much more difficult to implement.
DNSSEC does not scale? Okay, then DNS will eventually be useless.
DNS-CERT does not scale? The I* types will help to offload the keys.
PKA on a per user base does not scale? Well, this might be a problem
with millions of users per domain. I don't know for sure but I doubt
that, say, 64 extra bytes of user data makes any difference to these
providers.
Salam-Shalom,
Werner
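As an added illustration of the "automatic key verification" the thread discusses (not code from the thread, from Werner, or from GnuPG), the block below parses the two DNS record formats involved, an RFC 4398 CERT RDATA of type IPGP and a GnuPG-style PKA TXT record, and accepts a fetched OpenPGP key only when its full v4 fingerprint matches what DNS asserts. The key packet, fingerprint and URL are constructed toy values, and the comparison assumes DNSSEC (or something equivalent) protects the answer, exactly the limitation the post notes.

```python
# Added example: check a fetched OpenPGP key against a fingerprint published in DNS.
import hashlib
import struct

CERT_PGP = 3   # RFC 4398 type: OpenPGP transferable public key carried inline
CERT_IPGP = 6  # RFC 4398 type: fingerprint plus URL where the key can be fetched

def parse_cert_rdata(rdata: bytes) -> dict:
    """CERT RDATA is type(2) | key tag(2) | algorithm(1) | certificate (RFC 4398 2.1)."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA too short")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    body = rdata[5:]
    rec = {"type": cert_type, "key_tag": key_tag, "algorithm": algorithm}
    if cert_type == CERT_IPGP:
        # IPGP certificate field: 1-octet fingerprint length, fingerprint (0-20 octets), URL.
        fpr_len = body[0]
        if fpr_len > 20 or len(body) < 1 + fpr_len:
            raise ValueError("malformed IPGP certificate field")
        rec["fingerprint"] = body[1:1 + fpr_len]
        rec["url"] = body[1 + fpr_len:].decode("ascii")
    elif cert_type == CERT_PGP:
        rec["key"] = body  # the key itself; verify it the same way after parsing
    return rec

def parse_pka_txt(txt: str) -> dict:
    """GnuPG PKA TXT record: 'v=pka1;fpr=<hex fingerprint>;uri=<where to fetch the key>'."""
    fields = dict(item.split("=", 1) for item in txt.split(";") if "=" in item)
    if fields.get("v") != "pka1" or "fpr" not in fields:
        raise ValueError("not a PKA v1 record")
    return {"fingerprint": bytes.fromhex(fields["fpr"]), "uri": fields.get("uri", "")}

def openpgp_v4_fingerprint(pubkey_body: bytes) -> bytes:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, two-octet body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack("!H", len(pubkey_body)) + pubkey_body).digest()

def key_matches_dns(asserted_fpr: bytes, pubkey_body: bytes) -> bool:
    """Accept a fetched key only if its full 20-octet fingerprint equals the DNS value."""
    return len(asserted_fpr) == 20 and asserted_fpr == openpgp_v4_fingerprint(pubkey_body)

# Constructed sample: a v4 RSA public-key packet body (version, creation time,
# algorithm, MPI n, MPI e). Toy numbers, not a real key.
SAMPLE_KEY_BODY = bytes([4]) + struct.pack("!I", 1144320000) + bytes([1]) \
    + bytes.fromhex("0010c001") + bytes.fromhex("0011010001")
SAMPLE_FPR = openpgp_v4_fingerprint(SAMPLE_KEY_BODY)
# Constructed IPGP CERT RDATA; key tag and algorithm are unused for OpenPGP types.
SAMPLE_CERT = struct.pack("!HHB", CERT_IPGP, 0, 0) + bytes([20]) + SAMPLE_FPR \
    + b"https://keys.example.org/key.asc"  # hypothetical URL
SAMPLE_PKA = "v=pka1;fpr=" + SAMPLE_FPR.hex() + ";uri=https://keys.example.org/key.asc"
```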