ietf
[Top] [All Lists]

Re: Global PKI on DNS?

2002-06-12 13:14:12
I don't want to discount the importance of cert discovery, but I do
think it's a stretch to believe that you're going to be willing to
trust all of the certs that you discover in a chain of significant
length, for a significant set of purposes.

We're already trusting chains of signficant length (i.e. DNS delegation)
with no decent verification at all.

That's a good point.  PKI on DNS might not be the most trustworthy system 
imaginable, but it would probably be an improvement over no PKI.  Provided 
it doesn't break DNS...

/========================================================\
|John Stracke                    |Principal Engineer     |
|jstracke(_at_)incentivesystems(_dot_)com   |Incentive Systems, Inc.|
|http://www.incentivesystems.com |My opinions are my own.|
|========================================================|
|E pui muove! -- Galileo                                 |
\========================================================/



<Prev in Thread] Current Thread [Next in Thread>