Re: Global PKI on DNS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There's a simple reason why the DNS isn't suitable as a PKI,
and it has nothing to do with transitivity of trust, and nothing
to do with DNS packet size limitations, or root server workloads.

It is that DNS admins did not sign on for the job of authenticating
anything (with the possible exception of the DNS itself).  That's
not what they do, and for most DNS admins & operators isn't something
they have any interest in doing.

All it would have is one DNS admin somewhere in the path that counts
to say "get lost" when asked for some appropriate certificate, and the
whole model breaks.

Just let the PKI stuff be done by those interested in certifying who
is what, why, and perhaps where, and when, and leave us DNS types alone.

kre


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]