Re: Global PKI on DNS?

I think you raise a valid concern, but it's one we always face when
transitioning from an insecure system to a more secure system. People
may misuse any security technology by imbuing it with more
capabilities than the developers of the technology intended. However,
if we always let that concern deter us, we will rarely make progress.
Also, this is not a suggestion to deploy a DNS-based PKI in lieu of
other PKIs; I am a believer in multiple. independent PKIs.


so am I, but I also believe that a DNS-based PKI will displace other PKIs -
if we really want multiple independent PKIs we shouldn't try to make one
that is based on the DNS hierarchy.  using DNS to return certs might be okay,
(assuming you can work out the protocol warts), using DNS delegation as 
the framework for a distinguished PKI isn't.

Keith

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Global PKI on DNS?, (continued) RE: Global PKI on DNS?, VILLARREAL, STEVE (SBC-MSI) RE: Global PKI on DNS?, Franck Martin Re: RE: Global PKI on DNS?, Chris Evans Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Einar Stefferud Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore <= Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Robert Elz Re: Global PKI on DNS?, Michael Richardson

Previous by Date:	Re: Global PKI on DNS?, Ed Gerck
Next by Date:	Re: Global PKI on DNS?, Stephen Kent
Previous by Thread:	Re: Global PKI on DNS?, Stephen Kent
Next by Thread:	Re: Global PKI on DNS?, Stephen Kent
Indexes:	[Date] [Thread] [Top] [All Lists]