Global PKI on DNS?

I was wondering if the best system to build a global PKI wouldn't be the
DNS system already in place?

The root servers would share the ROOT Certificates and would sign a
certificate to each .org .com .net .fr,... managers of this
domains...Which in turn would use these certificates to sign sub domains
certificates...

The issued certifcates would have a constraint on the domain name to
ensure that the certificate can only be used in sub domains... and would
allow to be used for anything (web server, imap server, e-mail, code,
document,...)

There would be an extension to the DNS protocol to add a type record
which would allow to extract the certificate and the list of revoked
certificates...

The system would have to be quite secure but DNSSec is in place now...

It would be the easiest way as apparently nobody is trying to build a
global PKI infrastructure and LDAP people can't agree on a global
standard to link each ldap server to each other, which DNS has...

Comments?

Cheers.

<Prev in Thread]	Current Thread	[Next in Thread>
Global PKI on DNS?, Franck Martin <= Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, David Conrad Re: Global PKI on DNS?, Fred Baker Re: Global PKI on DNS?, James Pullicino Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Michael Richardson Re: Global PKI on DNS?, Pekka Savola Re: Global PKI on DNS?, Simon Josefsson Re: Global PKI on DNS?, Eric A. Hall

Previous by Date:	announcing public-ietf-w3c(_at_)w3(_dot_)org (fwd), Rob Lanphier
Next by Date:	Re: Global PKI on DNS?, Valdis . Kletnieks
Previous by Thread:	announcing public-ietf-w3c(_at_)w3(_dot_)org (fwd), Rob Lanphier
Next by Thread:	Re: Global PKI on DNS?, Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]