What is the average size of a PKI certificate?
Regards,
James Pullicino
----- Original Message -----
Sent: Saturday, June 08, 2002 3:22 PM
Subject: Global PKI on DNS?
I was wondering if the best system to build a global PKI wouldn't be the DNS system already in place?
The root servers would share the ROOT certificates and would sign a certificate for each of the managers of the .org, .com, .net, .fr, ... domains, which in turn would use these certificates to sign subdomain certificates...
The issued certificates would have a constraint on the domain name to ensure that the certificate can only be used in subdomains... and would be allowed to be used for anything (web server, IMAP server, e-mail, code, document, ...)
There would be an extension to the DNS protocol to add a record type which would allow extracting the certificate and the list of revoked certificates...
The system would have to be quite secure, but DNSSec is in place now...
It would be the easiest way, as apparently nobody is trying to build a global PKI infrastructure and LDAP people can't agree on a global standard to link each LDAP server to each other, which DNS has...
Comments?
Cheers.
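
The domain-name constraint described in the original message, as an added example that is not part of either e-mail: a simplified Python model of a delegation chain (root, TLD, domain, host) that checks each certificate sits inside its issuer's zone, comparing whole DNS labels. The `Cert` structure and the example.org names are constructed for illustration; signature verification and real X.509 or DNSSEC parsing are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # DNS name the certificate is issued to ("" means the root)
    issuer: str    # DNS name of the zone that signed it
    is_ca: bool    # whether this certificate may sign certificates below it

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def within(name, zone):
    """True if name equals zone or lies below it, compared label by label.
    A plain string suffix test would wrongly accept evilexample.org for example.org."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def validate_chain(chain):
    """chain[0] is the root; every later cert is signed by the one before it.
    Returns (ok, reason)."""
    if not chain or labels(chain[0].subject) or labels(chain[0].issuer):
        return False, "chain must start at the root"
    for parent, child in zip(chain, chain[1:]):
        if not parent.is_ca:
            return False, f"{parent.subject!r} is not allowed to sign"
        if labels(child.issuer) != labels(parent.subject):
            return False, f"{child.subject!r} names issuer {child.issuer!r}, not {parent.subject!r}"
        if not within(child.subject, parent.subject):
            return False, f"{child.subject!r} is outside zone {parent.subject!r}"
    return True, "ok"

# Constructed sample chain: root -> org -> example.org -> mail.example.org
GOOD_CHAIN = [
    Cert("", "", True),
    Cert("org", "", True),
    Cert("example.org", "org", True),
    Cert("mail.example.org", "example.org", False),
]

if __name__ == "__main__":
    print(validate_chain(GOOD_CHAIN))
    # A .com manager trying to certify a name under .org is rejected.
    print(validate_chain([Cert("", "", True), Cert("com", "", True),
                          Cert("example.org", "com", False)]))
```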