Re: Global PKI on DNS?

At 6:17 PM -0400 6/16/02, Keith Moore wrote:
>> Multiple cert paths do not necessarily make for more trust, but they
>> do add enough complexity to make the system unscaleable, not to
>> mention the revocation issues ...
>
>uuh.  A single root CA definitely doesn't scale, because there is no CA
>that everyone can trust.  There might be scalability issues with multiple
>paths, but they're not as fundamental as that.

Keith,

If explicit trust is required I agree, but in the DNS case we already
have a singly-rooted tree that everyone relies upon. If you want to
use the word "trust" then we all trust the root for DNS, but I think
the term is not applicable here.

If we created a DNS-based PKI, we would be relying on the correct
operation of each of the DNS domains for secure identification, in
lieu of relying on them for insecure identification.

Steve

