[Cryptography] Strong DNS Names

Christian Huitema huitema at huitema.net
Wed Sep 7 18:07:52 EDT 2016

On Wednesday, September 7, 2016 8:19 AM, Viktor Dukhovni wrote:
> On Wed, Sep 07, 2016 at 10:01:21AM +0200, Phill wrote:
>> I have a better idea:
>>    alice at example.com.MB2GK-6DUF5-YGYYL-JNY5E
>> ...
> ...
> A difficulty I see is that key rotation becomes difficult to
> impossible.  Is the assumption that this key is off-line, and is
> only used infrequently (by the domain owner) to sign other keys
> that do all the interactive work?  So it can't be changed withoout
> invalidating saved addresses of this form?  (A change of TA, might
> typically mean a change of domain ownership)?

Yes, that's classic big problem with any scheme using fingerprints as identifiers. The lifetime of keys, and fingerprints, is typically shorter than the lifetime of identities. The classic solution is to have a degree of indirection. On the other hand, the lifetime of email addresses is also shorter than the lifetime of identities. After Alice leaves "Example Co.", he is likely to use a different address than "alice at example.com". In fact, if "Example Co." hires a new employee also called Alice, the email address will be recycled and will point to this new Alice's identity.

So maybe bundling the address and the fingerprint in a single token is just OK. At least, it has a "failsafe" property. If I send encrypted mail to the old "alice at example.com.MB2GK-6DUF5-YGYYL-JNY5E," I know that it will not be readable by the new Alice.

-- Christian Huitema

More information about the cryptography mailing list