To: keydist@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 03 Jan 2002 12:19:23 -0500
Delivery-Date: Thu Jan 3 18:59:26 2002
In-reply-to: Your message of "Thu, 03 Jan 2002 10:06:39 EST." <3C34737F.5275ED79@sun.com>
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...

-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Steve" == Steve Hanna <steve.hanna@sun.com> writes:

Steve> I'm pretty sure that we want certs here, not just keys. Putting keys
Steve> in DNS and relying on DNSSEC to authenticate the keys means that
Steve> you're tied to the DNSSEC trust model. Top down, single root (per
Steve> TLD), single certification policy that may not match an application
Steve> or user's needs, etc. Not good!

That the model doesn't meet every user's needs does not mean that it
doesn't match some users' needs.

If you are arguing that there must be a single public key distribution
protocol, then you are wrong.

Steve> I know that certs are complicated. But there are libraries that
Steve> handle this stuff now. And I don't want to go back to a single
Steve> root model!

So don't. I don't see your problem.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
-----END PGP SIGNATURE-----