I have heard the pros and cons of doing it with DNS and I'm well aware of them. We could discuss ad eternam of what to do, but I suppose now the best action is to write a draft informational RFC (informational only!) that proposes a possible methodology to provide a global PKI with DNS hooks.
If this document exists then it can be read. examined and submitted to ICANN/IANA for possible implementation, but that's another story... What is important is that something exists and then see if people are willing...
I'm sorry but I won't be at the IETF meeting, unless someone invite me (pay the trip) but I will be in INET2002 and some of you too... So let's meet there and discuss. We can get a room in INET for discussion.
If some people agree, then I will put a notice on the board at INET.
Cheers.
Franck@sopac.org
On Wed, 2002-06-12 at 20:13, John Stracke wrote:
That's a good point. PKI on DNS might not be the most trustworthy system imaginable, but it would probably be an improvement over no PKI. Provided it doesn't break DNS...