To:
Simon Josefsson <simon+keydist@josefsson.org>
cc:
Keith Moore <moore@cs.utk.edu>, Derek Atkins <warlord@MIT.EDU>, Ted.Hardie@nominum.com, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Wed, 09 Jan 2002 16:34:17 -0500
In-reply-to:
Your message of "Wed, 09 Jan 2002 22:15:24 +0100." <iluadvnfcpf.fsf@josefsson.org>
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
> > I'm aware that the discussion started in terms of using DNS. I don't > > know how the charter will end up, whether it will presume DNS as part > > of the solution or not. IMHO it would be wrong for the charter to > > presume DNS distribution and DNSSEC as mechanisms even if the charter > > were limited to associating key material with DNS-based names. > > A protocol that wants to achieve global key distribution, which > _doesn't_ presume DNS, will have severe operational problems. It depends on the precise role of DNS. I absolutely agree that DNS needs to be part of the path by which those keys are obtained. But this does not imply that the keys are actually obtained using DNS, nor that trust in those keys is established using DNSSEC. Keith