Re: Global PKI on DNS?

> I think you raise a valid concern, but it's one we always face when
> transitioning from an insecure system to a more secure system. People
> may misuse any security technology by imbuing it with more
> capabilities than the developers of the technology intended. However,
> if we always let that concern deter us, we will rarely make progress.
> Also, this is not a suggestion to deploy a DNS-based PKI in lieu of
> other PKIs; I am a believer in multiple, independent PKIs.

so am I, but I also believe that a DNS-based PKI will displace other PKIs -
if we really want multiple independent PKIs we shouldn't try to make one
that is based on the DNS hierarchy.  using DNS to return certs might be okay,
(assuming you can work out the protocol warts), using DNS delegation as 
the framework for a distinguished PKI isn't.

Keith

