Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] FSFE Fellow Simon Josefsson Interviewed

  • Subject: [News] FSFE Fellow Simon Josefsson Interviewed
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sun, 27 Dec 2009 01:52:30 +0000
  • Followup-to: comp.os.linux.advocacy
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/4.3.1
Hash: SHA1

Fellowship interview with Simon Josefsson

,----[ Quote ]
| SRE: Your Masterâs Thesis dealt with the 
| concept of storing personal encryption 
| certificates in DNS. While still not a 
| common practice, you wrote in a recent 
| blogpost that some work has begun to 
| happen in the area. How do you currently 
| regard the promise of this way of 
| distributing keys? Have keyservers in 
| general improved since your thesis was 
| written?
| SJ: The problem is not so much about 
| technology here, but social matters. The 
| person responsible for managing DNS for an 
| organization is typically not the same 
| person responsible for managing user 
| certificates for an organization, and 
| people have been reluctant to change their 
| habits here. After all, DNS is a pretty 
| critical piece of any companyâs 
| infrastructure. So I havenât seen much 
| uptake in this, even if it continues to be 
| a interesting possibility, especially for 
| the OpenPGP world. One part of my thesis 
| was about the privacy issues around the 
| then-current DNSSEC standard, the so 
| called NXT record. I identified and 
| explained that it will lead to problems 
| when people can enumerate entire DNS 
| zones, and even wrote a IETF draft on how 
| to solve the problem using hashing of the 
| names instead of storing the names 
| directly. People in the IETF felt that the 
| threat didnât exist, and thought they were 
| ready to roll out DNSSEC quite soon anyway 
| (this was in 2001/2002!) so they didnât 
| want to change DNSSEC. I gave up on the 
| draft, but years later people who were 
| actually deploying this identified the 
| same problem, and ended up re-inventing my 
| solution, which is now standardized (the 
| NSEC3 record). So at least some of it 
| ended up being used, although not in the 
| form or way I anticipated.



FSFE: EC caves in to proprietary lobbyists on interoperability

Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index