Re: Global PKI on DNS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



g'day,

John Stracke wrote:
> 
> >Such software would not see this kind of data unless a user
> >of the server tried to use this stuff, and in that case I don't see
> >why that user couldn't upgrade her own software to get it to work.
> 
> Because it's not their software? If I wanted to do PKI through DNS, and my
> ISP's server did not support TCP, I might be stuck.  Personally, I don't
> depend on my ISP for DNS, but many users do.

So users wanting this new service will be pretty motivated to switch DNS
servers when the time comes, what's the big deal in that? Somebody (I
think it was Keith) suggested earlier in this thread that nobody should
be trusted with the single PKI root. Maybe the same sentiment applies to
DNS roots, as well?? Certainly it would seem to apply to trusting them
with a single DNS service provider at the subroot level...

(As he hides behind blast wall, to avoid flying shrapnel...  ;-)


				- peterd

-- 
-----------------------------------------------------------------------
   Peter Deutsch                   peterd@earthlink.net


   "I had to do an assignment on wild animals, and I decided to
    do my report on alligators. To complete my research, I took a
    trip to the zoo. I wanted to make a day of it, so I took along
    my pet dog. I figured we could throw a little frisbee,
    enjoy the sun, but boy was that trip a disaster. I had to
    tell my teacher that my homework ate my dog..."

----------------------------------------------------------------------


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]