Re: Global PKI on DNS?

      As others have pointed out, the DNS already has the capability
      to store certs.  So you could use the DNS as a publication
      method.  But is this the only thing a PKI needs?  How would
      one revolke a cert that was in the DNS?  How can you update
      -every- cached copy of the cert in question?


you don't need to.  there are in general two options for this sort of
thing:

  1) short lived certs
  2) CRL's published at regular intervals.

both involve a regularly-signed short-lived objects.

                                                - Bill

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Global PKI on DNS?, (continued) Re: Global PKI on DNS?, Fred Baker Re: Global PKI on DNS?, James Pullicino Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Michael Richardson Re: Global PKI on DNS?, Pekka Savola Re: Global PKI on DNS?, Simon Josefsson Re: Global PKI on DNS?, Eric A. Hall Re: Global PKI on DNS?, Simon Josefsson Re: Global PKI on DNS?, Eric A. Hall Re: Global PKI on DNS?, Bill Manning Re: Global PKI on DNS?, Bill Sommerfeld <= Re: Global PKI on DNS?, Ben Laurie Re: Global PKI on DNS?, Arne Ansper Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Michael StJohns Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Keith Moore

Previous by Date:	Re: Global PKI on DNS?, Simon Josefsson
Next by Date:	Re: Global PKI on DNS?, Ben Laurie
Previous by Thread:	Re: Global PKI on DNS?, Bill Manning
Next by Thread:	Re: Global PKI on DNS?, Ben Laurie
Indexes:	[Date] [Thread] [Top] [All Lists]