In message
<OF4A931F67(_dot_)FFE1C8BB-ON85256BD7(_dot_)004D98DC(_at_)incentivesystems(_dot_)com>
on Thu, 13 Jun 2002 10:08:49 -0400, "John Stracke"
<jstracke(_at_)incentivesystems(_dot_)com> said:
jstracke> >The CERT extension to DNS allows to place there a URI, a
jstracke> >URI is smaller than a cert and stays in a udp packet.
jstracke>
jstracke> Bootstrap problem: how can you trust the results of the URI?
The same way I trust whatever certificate source I have; not at all.
But from a PKI point of view, that's beside the point, as long as you
can to path discovery and validation all the way between the
certificate I want to verify and a set of root certificates you trust.
So the bootstrap problem is the same regardless of your certificate
source: you need a set of trusted root certificates.
--
Richard Levitte \ Spannvägen 38, II \ LeViMS(_at_)stacken(_dot_)kth(_dot_)se
Redakteur(_at_)Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei(_at_)bofh(_dot_)se
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.