In message <OF4A931F67.FFE1C8BB-ON85256BD7.004D98DC@incentivesystems.com> on Thu, 13 Jun 2002 10:08:49 -0400, "John Stracke" <jstracke@incentivesystems.com> said: jstracke> >The CERT extension to DNS allows to place there a URI, a jstracke> >URI is smaller than a cert and stays in a udp packet. jstracke> jstracke> Bootstrap problem: how can you trust the results of the URI? The same way I trust whatever certificate source I have; not at all. But from a PKI point of view, that's beside the point, as long as you can to path discovery and validation all the way between the certificate I want to verify and a set of root certificates you trust. So the bootstrap problem is the same regardless of your certificate source: you need a set of trusted root certificates. -- Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- poei@bofh.se Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info.