ietf

Re: Global PKI on DNS?

2002-06-08 04:14:07
What is the average size of a PKI certificate?

Regards,

James Pullicino
  ----- Original Message ----- 
  From: Franck Martin 
  To: openssl-users(_at_)openssl(_dot_)org 
  Cc: ietf(_at_)ietf(_dot_)org ; isdf(_at_)isoc(_dot_)org 
  Sent: Saturday, June 08, 2002 3:22 PM
  Subject: Global PKI on DNS?


  I was wondering if the best system to build a global PKI wouldn't be the DNS 
system already in place? 

  The root servers would share the ROOT Certificates and would sign a 
certificate to each .org .com .net .fr,... managers of these domains... Which in 
turn would use these certificates to sign sub domains certificates... 

  The issued certificates would have a constraint on the domain name to ensure 
that the certificate can only be used in sub domains... and would allow to be 
used for anything (web server, imap server, e-mail, code, document,...) 

  There would be an extension to the DNS protocol to add a type record which 
would allow to extract the certificate and the list of revoked certificates... 

  The system would have to be quite secure but DNSSec is in place now... 

  It would be the easiest way as apparently nobody is trying to build a global 
PKI infrastructure and LDAP people can't agree on a global standard to link 
each ldap server to each other, which DNS has... 

  Comments? 

  Cheers. 
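
The domain-name constraint proposed in the original message, sketched as an added example that is not part of the thread. The `Cert` model, `check_chain` and the sample names are constructed for illustration; matching follows the dNSName name-constraint rule of RFC 5280 (a name is inside a subtree if it equals it or adds whole labels on the left).

```python
# Added illustration: the Cert model and the sample names are constructed.
from dataclasses import dataclass
from typing import List, Optional, Tuple


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot; the DNS root becomes ''."""
    return name.rstrip(".").lower()


def within(name: str, subtree: str) -> bool:
    """True if name equals subtree or adds whole labels on its left."""
    name, subtree = normalize(name), normalize(subtree)
    if subtree == "":          # the root subtree permits every name
        return True
    return name == subtree or name.endswith("." + subtree)


@dataclass
class Cert:
    subject: str               # DNS name the certificate was issued for
    permitted: Optional[str]   # subtree this CA may sign under; None for a leaf


def check_chain(chain: List[Cert]) -> Tuple[bool, str]:
    """Walk root -> leaf; each subject must satisfy every constraint above it."""
    constraints: List[str] = []
    for cert in chain:
        for subtree in constraints:
            if not within(cert.subject, subtree):
                return False, f"{cert.subject} is outside {subtree!r}"
        if cert.permitted is not None:
            # Constraints accumulate, so a child CA can only narrow its scope.
            constraints.append(cert.permitted)
    return True, "ok"


ROOT = Cert(".", ".")
ORG = Cert("org", "org")
EXAMPLE = Cert("example.org", "example.org")

if __name__ == "__main__":
    for leaf in ("mail.example.org", "www.example.com", "evilexample.org"):
        print(leaf, check_chain([ROOT, ORG, EXAMPLE, Cert(leaf, None)]))
```

Because constraints only accumulate, a delegated CA that declares a wider subtree than its parent still cannot issue a valid certificate outside the parent's zone.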