ietf-openpgp
[Top] [All Lists]

Re: Principles and Principals

1997-09-25 02:41:13
-----BEGIN PGP SIGNED MESSAGE-----

One problem with [DNSSEC] is that the administrator may not be trustworthy,
and/or that there may be too many users for the administrator to
adequately check identity.  I don't know how many domain names there are,
probably hundreds of thousands.  The administrator of .com is going to
have a big job making sure that every tom-dick-and-harry.com has the right
key registered.  Likewise it may be easy in some cases to persuade a
low-level DNS administrator to put out a fake key.

Perhaps one way to reduce this problem would be to encourage high-level
zones such as .com, .net etc. to act as Policy Certificate Authorities
where they will only certify keys of organisations that agree to observe
certain standards such as how rigorous user checks are (see
http://www.cs.ucl.ac.uk/research/ice-tel/policy.html for an example)?

Ian :D

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21

iQCVAgUANCoxp5pi0bQULdFRAQF1sAP9EILV91aLSR8b6IO4IboyrSLefhZ43rN1IOnw0AES6rF3
8e2siTk2B5XWetAfShKOHFcBTqVlHkv/xsO9mc7RAksYArC0cJvSLXc7pbLBVwGK9aX5cSkRPrja
6xUr9ItQPBc8UWV31Il0BxZ9morlo/mHrigZuY2ZQ3T2/c6tHCM=
=9mdt
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>