Date: Wed, 09 Oct 2002 18:29:21 -0600 From: Lyndon Nerenberg <lyndon@orthanc.ab.ca> To: Mike Hoskins <mike@adept.org> Cc: security@FreeBSD.ORG Subject: Re: md5 checksum server Message-ID: <200210100029.g9A0TLGI015286@orthanc.ab.ca> In-Reply-To: Your message of "Wed, 09 Oct 2002 16:45:06 PDT." <20021009164341.E88705-100000@fubar.adept.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Hoskins writes: >> 1) it requires DNSSEC to ensure the MD5 record data isn't forged > >Easy enough. Technically, yes. But until we have offficially signed roots, it's not practical to deploy. >> 2) DNS caching would hide updates for the duration of the TTL >> attached to the TXT record > >Tuneable. Yes, but a log of implementations silently enforce a 5 minute minimum TTL, leaving a window where incorrect information could be presented. >I didn't say this was ideal, but it's easy to setup does work in the wild >now for some datasets. Regardless, I'm not attached to any one >proposal... Feel free to make others. :) I like the idea of basing this on the PGP web of trust. I also sense a business opportunity for anyone willing to build an Akami-like secure software distribution service. --lyndon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210100029.g9A0TLGI015286>