ietf

Re: Global PKI on DNS?

2002-06-14 03:23:58
There's a simple reason why the DNS isn't suitable as a PKI,
and it has nothing to do with transitivity of trust, and nothing
to do with DNS packet size limitations, or root server workloads.

It is that DNS admins did not sign on for the job of authenticating
anything (with the possible exception of the DNS itself).  That's
not what they do, and for most DNS admins & operators isn't something
they have any interest in doing.

All it would have is one DNS admin somewhere in the path that counts
to say "get lost" when asked for some appropriate certificate, and the
whole model breaks.

Just let the PKI stuff be done by those interested in certifying who
is what, why, and perhaps where, and when, and leave us DNS types alone.

kre


