Re: Global PKI on DNS?

> 	As others have pointed out, the DNS already has the capability
> 	to store certs.  So you could use the DNS as a publication
> 	method.  But is this the only thing a PKI needs?  How would
> 	one revoke a cert that was in the DNS?  How can you update
> 	-every- cached copy of the cert in question?

you don't need to.  there are in general two options for this sort of
thing:

  1) short lived certs
  2) CRL's published at regular intervals.

both involve regularly-signed short-lived objects.

						- Bill
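
Added example, not part of the original message: a relying-party check over a cached cert that shows why neither option in the reply above needs every cached copy updated. The HMAC key stands in for a CA signature, times are integer hours, and all names and values are constructed for illustration.

```python
# Added illustration; every name and value here is constructed, not from the thread.
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the CA's signature

def _mac(obj):
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def sign(obj):
    return {"body": obj, "sig": _mac(obj)}

def verified(signed):
    return hmac.compare_digest(_mac(signed["body"]), signed["sig"])

def issue_cert(serial, not_before, lifetime):
    return sign({"serial": serial, "not_before": not_before,
                 "not_after": not_before + lifetime})

def issue_crl(revoked, this_update, interval):
    return sign({"revoked": sorted(revoked), "this_update": this_update,
                 "next_update": this_update + interval})

def accept(cert, now, crl=None):
    """Check a possibly cached cert at time `now`. Returns (ok, reason)."""
    if not verified(cert):
        return False, "bad cert signature"
    c = cert["body"]
    if not (c["not_before"] <= now < c["not_after"]):
        return False, "cert expired"        # option 1: a stale cached cert dies on its own
    if crl is None:
        return True, "ok (short-lived cert, no CRL)"
    if not verified(crl):
        return False, "bad CRL signature"
    r = crl["body"]
    if not (r["this_update"] <= now < r["next_update"]):
        return False, "CRL stale, refetch"  # option 2: fail closed on an old cached CRL
    if c["serial"] in r["revoked"]:
        return False, "revoked"
    return True, "ok"
```

In both cases the worst-case window in which a revoked key is still accepted is bounded by the lifetime of the signed object (the cert itself, or the CRL), not by how long a cache holds the record.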



