Re: Global PKI on DNS?

> Well, we agree on the utility of having multiple PKIs. We disagree on
> the need for a PKI that happens to cover a specific name space that
> underlies the vast majority of IP-based communications, or at least
> you disagree on the desirability of that specific PKI given the
> reality of who runs which TLDs. But, you don't offer any suggestions
> on how to address the need that a DNS-based PKI satisfies.

I don't see it as a 'need' in that sense.  If you want to increase
the level of trust over the current situation, you pretty much have
to either exchange keying material directly with that party,
or pick a third party that *you* trust to serve as an intermediary.
It's really hard to have multiple intermediaries because you need 
to trust them all.  And just because someone runs a TLD doesn't mean 
that you want to trust them - it often means you should be wary of them.

It really doesn't have much to do with DNS - the problem is that 
real trust doesn't scale to that level no matter what the naming 
scheme or the protocol.

Keith

