Re: Global PKI on DNS?2002-06-11 06:53:40As others have pointed out, the DNS already has the capability to store certs. So you could use the DNS as a publication method. But is this the only thing a PKI needs? How would one revolke a cert that was in the DNS? How can you update -every- cached copy of the cert in question? you don't need to. there are in general two options for this sort of thing: 1) short lived certs 2) CRL's published at regular intervals. both involve a regularly-signed short-lived objects. - Bill
|
|