Re: Global PKI on DNS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David Conrad <david.conrad@nominum.com> writes:

> On 6/12/02 8:20 AM, "Eric Rescorla" <ekr@rtfm.com> wrote:
> >> But I can do
> >> this only if I can discover certs that *aren't* either in the set it hands
> >> me or in my local set, and TLS says nothing about how to do this.
> > Yes, because it's an edge case.
> 
> Scalability as an edge case.  Hmm.
Well, I see that you're as confused about what I said as Bob was.

If you have a singly-rooted cert hierarchy, then you always can
provide an explicit path to a known root. This scales extremely
well. 

> > I think it's a little early to start
> > worrying about cross-certification.
> 
> I think it is more than a bit late.

I guess we'll just have to differ here.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]