DNS keyserver (was Re: gnupg-1.0.7: keyserver subdir?)

Simon Josefsson jas@extundo.com
Tue Jul 9 19:08:02 2002


Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes:

> David Shaw <dshaw@jabberwocky.com> writes:
>
>> I have a few minor comments/concerns (maybe we should drag this over
>> to gnupg-devel?):
>
> I have one major concern:
>
> The current approach is slower than HKP.
>
> DNS is only more efficient if you stay below the 512 bytes (including
> overhead) limit.  If answers get bigger, a full TCP connection is
> required *in* *addition* to the initial request/answer pair. :-/

Yes, one UDP round-trip is wasted.  OTOH the server can guess that
CERT RRs should be fetched with TCP, or it can use EDNS.0 to increase
the 512 byte limit (EDNS.0 is required with IPv6 and DNSSEC anyway, if
I recall correctly).

Distributed caching, round-trip optimization, automatic fail over, and
a possibility of having signed answers could still be advantages for
DNS though.  Some of these can surely be implemented with HKP too, but
they don't seem to be today.

> And I pretty much doubt that servers cache RRs which are a couple of
> kilobytes large, so the current approach appears to be rather
> pointless.  Sorry.

I think DNS servers cache things unless you disable it by policy.  A
department running a name server for the benefit of its users would
probably not disable this by policy.  Then if everyone in the
department received a signed email from the outside and retrieved the
key, it would be a 1:n optimization.

But the amount of traffic we are talking about here is just noise; I
don't see efficiency as the main advantage.

One advantage would be that eventually it could be possible to secure
the link between a domain and a user in that domain (consider
company.com signing its zone containing references to their users'
keys).  Then a fake business card and a fake uploaded key on a
keyserver isn't enough to mount a man-in-the-middle attack.

> It might work better if you just store minimal revocation certificates
> (those used by GnuPG) in DNS.

Yes, that should be done.  If DNS is used for that, I don't see how it
harms to have DNS as an option for retrieving certificates too.  I'm
sure lots of people will continue to use HKP for many years anyway.
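As an added illustration of the 512-byte limit and TC-bit fallback discussed above (example code written for this page, not from the thread or from GnuPG), the following models a minimal DNS answer carrying one CERT RR and shows when a client would have to retry over TCP; the domain name, certificate sizes and EDNS0 buffer size are constructed values.

```python
import struct

# Constructed model of the UDP size problem raised in the thread: a CERT RR
# (type 37) answer that does not fit in the payload size the client can
# accept (512 bytes classically, more when the query carried an EDNS0 OPT
# record) comes back with the TC bit set, and the client must retry over TCP.

CERT_TYPE = 37
CLASSIC_UDP_LIMIT = 512
TC_FLAG = 0x0200  # bit 9 of the DNS header flags word


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_cert_response(name, cert_blob, udp_limit=CLASSIC_UDP_LIMIT):
    """Return (wire_bytes, truncated) for a one-answer CERT response.

    If the full message exceeds udp_limit, the answer section is dropped
    and TC is set, as a real server would do for a UDP reply.
    """
    question = encode_name(name) + struct.pack("!HH", CERT_TYPE, 1)  # QTYPE, QCLASS=IN
    # CERT RDATA (RFC 2538): type(2) key-tag(2) algorithm(1) certificate
    rdata = struct.pack("!HHB", 3, 0, 17) + cert_blob  # type 3 = PGP, alg 17 = DSA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", CERT_TYPE, 1, 3600, len(rdata)) + rdata
    flags = 0x8180  # QR=1, RD=1, RA=1, NOERROR
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0) + question + answer
    if len(msg) <= udp_limit:
        return msg, False
    header = struct.pack("!HHHHHH", 0x1234, flags | TC_FLAG, 1, 0, 0, 0)
    return header + question, True


def is_truncated(msg):
    """Read the TC bit from a wire-format DNS message (high byte of flags)."""
    return bool(msg[2] & (TC_FLAG >> 8))


def exchanges_needed(name, cert_blob, edns_udp_size=None):
    """Count request/response exchanges a client needs for the CERT RR:
    one UDP exchange, plus a TCP session if the UDP answer was truncated."""
    limit = edns_udp_size or CLASSIC_UDP_LIMIT
    _, truncated = build_cert_response(name, cert_blob, limit)
    return 2 if truncated else 1


if __name__ == "__main__":
    big_key = b"\x99" * 2000  # constructed stand-in for a multi-kilobyte PGP key
    print("classic UDP:", exchanges_needed("key.example.com", big_key))
    print("EDNS0 4096 :", exchanges_needed("key.example.com", big_key, 4096))
```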