Re: Global PKI on DNS?
2002-06-14 10:24:00
Stef,
Thank You Steve for clarifying your simple little error and
correcting the record on what I did or did not say. I admit that
the error was small in commission but you must admit that it was
huge in affect, so it is good for you to corrected the record.
I will assume that it was not intentional.
no, it was not intentional.
Now, all I did was ask you to offer proof that trust is ever
transitive, as a separate sub-question of the general debate,
because in my view, this question is central to the reasons for
bothering to discuss the rest of this thread.
In short, if trust cannot be proved to be transitive, like DNS zone
control delegation is transitive, then there is no reason to
continue with PKI designs that ASSUME TRUST IS TRANSITIVE.
<snip>
The essence of our disagreement is that I don't view the relationship
between the CAs in a DNS-based PKI to be one of trust. We rely on DNS
admins to correctly bind addresses to names in the zones they
control. This is the seenace of the semantics of DNS operation. If
these folks acted as CAs, we would rely on them in the same fashion
to bind the same names to public keys, which just provides a secure
mechanism to effect the binding of the name. If we don't call the
first relationship trust, then I don't feel we should call the second
one a trust relationship either.
You uses the term "delegation" above and that's critical. In a system
like DNS which makes clear who is authoritative for which names, I
don't think the term "trust" is applicable, and that is the crux of
our disagreement.
Pn a less polite note, your line of argument has been to saddle me
with a need to prove something that I have never asserted, which is
pretty silly, at best. It's not surprising that I continue to decline
to take a side of a debate that you have tried to define for me and
which does not represent my position.
Steve
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Global PKI on DNS?, (continued)
- Re: Global PKI on DNS?, Keith Moore
- Re: Global PKI on DNS?, Ben Laurie
- Re: Global PKI on DNS?, Chris Evans
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?,
Stephen Kent <=
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Ed Gerck
- Re: Global PKI on DNS?, Stephen Kent
- Re: Global PKI on DNS?, Alex Audu
- Re: Global PKI on DNS?, Ed Gerck
- Re: Global PKI on DNS?, Einar Stefferud
- Re: Global PKI on DNS?, Stephen Kent
|
|
|