Re: From whence we came...

[Steve Hanna <steve.hanna@sun.com>]

Ted Hardie wrote:
> On Thu, Jan 03, 2002 at 03:59:19PM -0500, Steve Hanna wrote:
> > The requirement for a single global trusted root does bother me.
> > That's why I would rather use a PKI, where the user can configure
> > their own set of trust anchors. Most users will be happy with
> > whatever ships with the browser, but people who care can always
> > change it. And administrators who care can change the defaults
> > in the configuration files they distribute with the browser.
> 
> Many internet applications don't have a user, much less a
> browser.  It would be very useful for that class of applications
> to have some trust anchor that is globally available.

What applications do you have in mind? In many application protocols
where there's no user (like NNTP or LDAP replication), there's an
administrator who might want to configure their own trust anchors.
But for DNS, I can see the value in having a single global trust
anchor to maintain a consistent world-wide directory. Are there
other examples where a global trust anchor generally makes sense?

-Steve