----- Unsent message follows -----
Date: Thu, 16 Sep 93 11:56:19 EDT
From: Carl Ellison <cme(_at_)ellisun(_dot_)sw(_dot_)stratus(_dot_)com>
Message-Id: <9309161556(_dot_)AA09369(_at_)ellisun(_dot_)sw(_dot_)stratus(_dot_)com>
To: shirey(_at_)smiley(_dot_)mitre(_dot_)org
Subject: Re: [resend] Use of DNS to distribute keys
Cc: pem-dev(_at_)tis(_dot_)com

Unless I entirely misunderstand this thread, he is saying that the
DNS can be trusted to maintain the binding between my host's public
key and my host's name--WITHOUT using a signed certificate. Before I
die choking on my morning coffee, I would like to know something:
What assurance features and mechanisms does Ran propose to use to
make us trust all the servers in the worldwide DNS system that much?

If I read him correctly, he's assuming a trusted connection to a server
which has been vouched for by some other trusted server, over a trusted
connection. That setup is equivalent to a certificate hierarchy but with
trusted, encrypted channels over which you learn keys substituting for
signatures of those keys.

At some point (perhaps the top server) there needs to be another way to
establish the public key but that's true for certificates anyway.

I'm not pushing this system -- just trying to read his message and answer
your question.

- Carl
------- End of Forwarded Message