To:
keydist@cafax.se
From:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date:
Thu, 03 Jan 2002 12:19:23 -0500
Delivery-Date:
Thu Jan 3 18:59:26 2002
In-reply-to:
Your message of "Thu, 03 Jan 2002 10:06:39 EST." <3C34737F.5275ED79@sun.com>
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
-----BEGIN PGP SIGNED MESSAGE----- >>>>> "Steve" == Steve Hanna <steve.hanna@sun.com> writes: Steve> I'm pretty sure that we want certs here, not just keys. Putting keys Steve> in DNS and relying on DNSSEC to authenticate the keys means that Steve> you're tied to the DNSSEC trust model. Top down, single root (per Steve> TLD), single certification policy that may not match an application Steve> or user's needs, etc. Not good! That the model doesn't meet every user's needs does not mean that it doesn't match some users' needs. If you are arguing that there must be a single public key distribution protocol, then you are wrong. Steve> I know that certs are complicated. But there are libraries that Steve> handle this stuff now. And I don't want to go back to a single Steve> root model! So don't. I don't see your problem. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Finger me for keys iQCVAwUBPDSSmoqHRg3pndX9AQGsTgQA4Z5zpOb5x5I4m5NPnXXr4JQoYGKgTIwW AJcgqQdoqWcidM0g29E/2NbyyDch6+Oi9Co6zPvt8uNuna0n7RHUV4Fuz2RcljR9 NURcPdfRiOVghl1Wd71upQxWV+jf0/5xFliexKHIt+O2hTa7CewxXxPqaybJFvPj J0aWi/0EG9o= =L+n5 -----END PGP SIGNATURE-----