To:
"James Seng/Personal" <jseng@pobox.org.sg>
Cc:
"Greg Hudson" <ghudson@MIT.EDU>, <keydist@cafax.se>
From:
Simon Josefsson <simon+keydist@josefsson.org>
Date:
Fri, 04 Jan 2002 19:56:49 +0100
Delivery-Date:
Fri Jan 4 19:58:53 2002
In-Reply-To:
<026b01c1954f$938ad9b0$dd00a8c0@jamessonyvaio> ("JamesSeng/Personal"'s message of "Sat, 5 Jan 2002 02:42:29 +0800")
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.090005 (Oort Gnus v0.05) Emacs/21.1.50(i686-pc-linux-gnu)
Subject:
Re: From whence we came...
"James Seng/Personal" <jseng@pobox.org.sg> writes: >> certificate for error-messages.mit.edu). So MIT would have to > transact >> with the certificate authority for each user and each host. Put > simply: >> DNS is more hierarchical right now than PKI is. > > Another business model fault. PKIX is designed to be hierarchical. > > Unfortunately, "I get X dollar per cert" model prevents this from > happening. Imaging if InterNIC started to charge "$1 per host" and not > "$35 per domain" in 1995, we likely end up the same for DNS too. We are headed in that direction with opt-in anyway, I think. It will cost $35 to get foo.com but $35^x to get a foo.com that is DNSSEC signed.